Windows Analysis Report
3182473663947752.exe

Overview

General Information

Sample name: 3182473663947752.exe
Analysis ID: 1411151
MD5: 4656286f5599e9f1e541f763da280a02
SHA1: 87d5333dc8d85f5c01cc97970ab01ec330d6c09d
SHA256: a9f1b1f099d72e3d3bb950a335b612a7e2d551e38bc8d72a9d3035453b3760ed
Tags: exe
Infos:

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected PureLog Stealer
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 3182473663947752.exe (PID: 7480 cmdline: C:\Users\user\Desktop\3182473663947752.exe MD5: 4656286F5599E9F1E541F763DA280A02)
    • 3182473663947752.exe (PID: 7560 cmdline: C:\Users\user\Desktop\3182473663947752.exe MD5: 4656286F5599E9F1E541F763DA280A02)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "pecrkva.rs", "Username": "info@pecrkva.rs", "Password": "CrkvenaSifra008"}
Source | Rule | Description | Author | Strings
00000000.00000002.1731699605.0000000005590000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000002.00000002.2966199143.00000000031EE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.2966199143.0000000003218000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.2.3182473663947752.exe.4850e80.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.3182473663947752.exe.4800e60.11.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.3182473663947752.exe.5590000.13.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.3182473663947752.exe.4088260.9.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.3182473663947752.exe.4088260.9.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

System Summary

Source: Network Connection, Author: frack113, Data: DestinationIp: 77.105.36.190, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\3182473663947752.exe, Initiated: true, ProcessId: 7560, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49729
No Snort rule has matched

AV Detection

Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "pecrkva.rs", "Username": "info@pecrkva.rs", "Password": "CrkvenaSifra008"}
Source: 3182473663947752.exe, ReversingLabs: Detection: 18%
Source: 3182473663947752.exe, Joe Sandbox ML: detected
Source: 3182473663947752.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 3182473663947752.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732737643.0000000005850000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732737643.0000000005850000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 0_2_05400F44
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 0_2_05400F50
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then jmp 057BE8DAh 0_2_057BE728
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then jmp 057BE8DAh 0_2_057BE71B
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h 0_2_057EF6E0
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h 0_2_057EF6D9
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then jmp 057E0B8Eh 0_2_057E0978
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then jmp 057E0B8Eh 0_2_057E0988
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 4x nop then jmp 057E0B8Eh 0_2_057E0B46
Source: global traffic, TCP traffic: 192.168.2.4:49729 -> 77.105.36.190:587
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: pecrkva.rs

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, l8rGfzxi.cs, .Net Code: MCNeeT6TvU

System Summary

Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 2.2.3182473663947752.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.3182473663947752.exe.4088260.9.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.3182473663947752.exe.2eab60c.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.3182473663947752.exe.2eab60c.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED7A8 NtWriteVirtualMemory, 0_2_057ED7A8
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED638 NtAllocateVirtualMemory, 0_2_057ED638
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED930 NtUnmapViewOfSection, 0_2_057ED930
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057EDBD8 NtResumeThread, 0_2_057EDBD8
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057EDA68 NtSetContextThread, 0_2_057EDA68
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED7A0 NtWriteVirtualMemory, 0_2_057ED7A0
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED630 NtAllocateVirtualMemory, 0_2_057ED630
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057ED928 NtUnmapViewOfSection, 0_2_057ED928
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057EDBD1 NtResumeThread, 0_2_057EDBD1
Source: C:\Users\user\Desktop\3182473663947752.exe, Code function: 0_2_057EDA60 NtSetContextThread, 0_2_057EDA60
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeSection loaded: msasn1.dllJump to behavior
                      Source: 3182473663947752.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.3182473663947752.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.3182473663947752.exe.4088260.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.3182473663947752.exe.2eab60c.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.3182473663947752.exe.2eab60c.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, N1EZ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, arzrv9AWTXK.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, InmxgXcIi8d.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, InmxgXcIi8d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@2/1
                      Source: C:\Users\user\Desktop\3182473663947752.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3182473663947752.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeMutant created: NULL
                      Source: 3182473663947752.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 3182473663947752.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\3182473663947752.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\3182473663947752.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\3182473663947752.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: 3182473663947752.exeReversingLabs: Detection: 18%
                      Source: unknownProcess created: C:\Users\user\Desktop\3182473663947752.exe C:\Users\user\Desktop\3182473663947752.exe
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess created: C:\Users\user\Desktop\3182473663947752.exe C:\Users\user\Desktop\3182473663947752.exe
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess created: C:\Users\user\Desktop\3182473663947752.exe C:\Users\user\Desktop\3182473663947752.exeJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: 3182473663947752.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: 3182473663947752.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: 3182473663947752.exeStatic file information: File size 3817472 > 1048576
                      Source: 3182473663947752.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x3a3600
                      Source: 3182473663947752.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732737643.0000000005850000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732737643.0000000005850000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.3182473663947752.exe.3fef3a0.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.4850e80.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.4800e60.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.5590000.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.4800e60.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.48f0ea0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.3182473663947752.exe.4372440.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1731699605.0000000005590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1719299161.0000000004372000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 3182473663947752.exe PID: 7480, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C3723C push ds; ret 0_2_02C37241
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C308A0 pushfd ; retf 0_2_02C308A1
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C3184B push cs; ret 0_2_02C3185A
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C3185B push cs; ret 0_2_02C31866
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31873 push cs; ret 0_2_02C3187E
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31807 push cs; ret 0_2_02C3180E
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C3180F push ss; ret 0_2_02C31816
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31823 push cs; ret 0_2_02C31826
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C3183F push cs; ret 0_2_02C31842
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C316D3 push ss; ret 0_2_02C316DA
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C30E1F push es; iretd 0_2_02C30E2A
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31797 push ss; ret 0_2_02C317A2
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31743 push ss; ret 0_2_02C3174A
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31713 push cs; ret 0_2_02C31716
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_02C31737 push 0000000Bh; ret 0_2_02C31742
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_054014A0 pushfd ; ret 0_2_054014A1
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_05402168 push eax; retf 0_2_05402169
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_0540CDF0 pushad ; iretd 0_2_0540CDF1
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_0558A55A pushad ; retf 0_2_0558A561
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_05583EE8 pushfd ; retf 0_2_05583EFF
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_057B9F64 push es; iretd 0_2_057B9F67
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_057B6B40 push esp; retf 0565h0_2_057B6B4D
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_057ECCC4 push cs; ret 0_2_057ECCC5
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 0_2_058F656D push edi; retf 0_2_058F656E
                      Source: C:\Users\user\Desktop\3182473663947752.exeCode function: 2_2_0187FFA0 push es; ret 2_2_0187FFB0
                      Source: C:\Users\user\Desktop\3182473663947752.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\3182473663947752.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\3182473663947752.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 2A40000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 2C70000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 2A90000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 1870000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 31A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: 51A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\3182473663947752.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\3182473663947752.exe Window / User API: threadDelayed 1706
                      Source: C:\Users\user\Desktop\3182473663947752.exe Window / User API: threadDelayed 8105
                      Source: C:\Users\user\Desktop\3182473663947752.exe TID: 7504 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\3182473663947752.exe TID: 7664 Thread sleep time: -27670116110564310s >= -30000s
                      Source: C:\Users\user\Desktop\3182473663947752.exe TID: 7684 Thread sleep count: 1706 > 30
                      Source: C:\Users\user\Desktop\3182473663947752.exe TID: 7684 Thread sleep count: 8105 > 30
                      Source: C:\Users\user\Desktop\3182473663947752.exe TID: 7664 Thread sleep count: 33 > 30
                      Source: C:\Users\user\Desktop\3182473663947752.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\3182473663947752.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\3182473663947752.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: 3182473663947752.exe, 00000002.00000002.2964180539.00000000014C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\3182473663947752.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\3182473663947752.exe Memory written: C:\Users\user\Desktop\3182473663947752.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\3182473663947752.exe Process created: C:\Users\user\Desktop\3182473663947752.exe C:\Users\user\Desktop\3182473663947752.exe
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Users\user\Desktop\3182473663947752.exe VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\3182473663947752.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match File source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.3182473663947752.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.4088260.9.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.2eab60c.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.2eab60c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000002.00000002.2966199143.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2966199143.0000000003218000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000004072000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2966199143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: 3182473663947752.exe PID: 7480, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: 3182473663947752.exe PID: 7560, type: MEMORYSTR
                      Source: Yara match File source: 0.2.3182473663947752.exe.4372440.4.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.40f2420.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.51c0000.12.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.51c0000.12.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.40f2420.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.4372440.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.1719299161.00000000040E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1729671070.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000004372000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\3182473663947752.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\Desktop\3182473663947752.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\3182473663947752.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\3182473663947752.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\3182473663947752.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\3182473663947752.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\Desktop\3182473663947752.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match File source: 0.2.3182473663947752.exe.4088260.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.3182473663947752.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.4088260.9.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.2eab60c.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.2eab60c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000002.00000002.2966199143.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2966199143.0000000003218000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000004072000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2966199143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: 3182473663947752.exe PID: 7480, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: 3182473663947752.exe PID: 7560, type: MEMORYSTR
                      Source: Yara match File source: 0.2.3182473663947752.exe.4372440.4.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.40f2420.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.51c0000.12.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.51c0000.12.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.40f2420.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.3182473663947752.exe.4372440.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.1719299161.00000000040E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1729671070.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719299161.0000000004372000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 1 Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Source | Detection | Scanner | Label | Link
3182473663947752.exe | 18% | ReversingLabs | Win32.Trojan.Generic |
3182473663947752.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
Source | Detection | Scanner | Label | Link
http://ns.useplus.org/ldf/xmp/1.0/ | 0% | URL Reputation | safe |
http://iptc.org/std/Iptc4xmpExt/2008-02-29/ | 0% | URL Reputation | safe |
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ | 0% | URL Reputation | safe |
http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
http://cipa.jp/exif/1.0/ | 0% | URL Reputation | safe |
http://r3.i.lencr.org/0 | 0% | URL Reputation | safe |
http://www.npes.org/pdfx/ns/id/ | 0% | Avira URL Cloud | safe |
http://pecrkva.rs | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
pecrkva.rs | 77.105.36.190 | true | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.aiim.org/pdfa/ns/property# | 3182473663947752.exe | false | | high
http://ns.useplus.org/ldf/xmp/1.0/ | 3182473663947752.exe | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfa/ns/type# | 3182473663947752.exe | false | | high
https://github.com/mgravell/protobuf-neti | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://account.dyn.com/ | 3182473663947752.exe, 00000000.00000002.1719299161.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000004072000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.aiim.org/pdfa/ns/id/ | 3182473663947752.exe | false | | high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/ | 3182473663947752.exe | false | URL Reputation: safe | unknown
http://x1.c.lencr.org/0 | 3182473663947752.exe, 00000002.00000002.2973938967.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2974248541.0000000005904000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.000000000322A000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2964180539.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.00000000031F6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://x1.i.lencr.org/0 | 3182473663947752.exe, 00000002.00000002.2973938967.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2974248541.0000000005904000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.000000000322A000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2964180539.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.00000000031F6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/11564914/23354; | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.aiim.org/pdfa/ns/schema# | 3182473663947752.exe | false | | high
http://www.npes.org/pdfx/ns/id/ | 3182473663947752.exe | false | Avira URL Cloud: safe | unknown
http://www.aiim.org/pdfa/ns/field# | 3182473663947752.exe | false | | high
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ | 3182473663947752.exe | false | URL Reputation: safe | unknown
http://r3.o.lencr.org0 | 3182473663947752.exe, 00000002.00000002.2973938967.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2974248541.0000000005904000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.000000000322A000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2964180539.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.00000000031F6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-net | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.0000000003ED4000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1732177439.0000000005760000.00000004.08000000.00040000.00000000.sdmp, 3182473663947752.exe, 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.aiim.org/pdfa/ns/extension/ | 3182473663947752.exe | false | | high
http://cipa.jp/exif/1.0/ | 3182473663947752.exe | false | URL Reputation: safe | unknown
http://pecrkva.rs | 3182473663947752.exe, 00000002.00000002.2966199143.000000000322A000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.00000000031F6000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 3182473663947752.exe, 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://r3.i.lencr.org/0 | 3182473663947752.exe, 00000002.00000002.2973938967.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2974248541.0000000005904000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.000000000322A000.00000004.00000800.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2964180539.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, 3182473663947752.exe, 00000002.00000002.2966199143.00000000031F6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
77.105.36.190 | pecrkva.rs | Serbia | | 9125 | ORIONTELEKOM-ASRS | false
                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                    Analysis ID:1411151
                                                    Start date and time:2024-03-18 17:02:06 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 6m 44s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:7
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:3182473663947752.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@3/1@2/1
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 95%
                                                    • Number of executed functions: 268
                                                    • Number of non-executed functions: 27
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: 3182473663947752.exe
Time | Type | Description
17:03:02 | API Interceptor | 62x Sleep call for process: 3182473663947752.exe modified
                                                    No context
                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ORIONTELEKOM-ASRS | CE1J3nsJim.elf | malicious | Mirai, Okiru | 178.254.136.77
 | vUvgbnhi3T.elf | malicious | Mirai | 79.175.73.97
 | W58U3lImGU.elf | malicious | Mirai | 79.175.97.219
 | 3ZCVTnKE2z.elf | malicious | Mirai | 79.175.97.41
 | MmVwe8fCiq.elf | malicious | Mirai | 79.175.73.89
 | cool.x86.elf | malicious | Unknown | 178.254.146.206
 | idYcZwGPgA.elf | malicious | Mirai | 79.175.97.44
 | sora.mpsl.elf | malicious | Mirai | 79.175.97.59
 | mG5HPxd4nF.elf | malicious | Mirai | 46.16.107.0
 | polar.arm.elf | malicious | Mirai, Moobot | 79.175.85.44
                                                    No context
                                                    No context
                                                    Process:C:\Users\user\Desktop\3182473663947752.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):716
                                                    Entropy (8bit):5.350074230533824
                                                    Encrypted:false
                                                    SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEnirkvoDLI4MWuCv:ML9E4KlKDE4KhKiKhRAE4KzeRE4Ks
                                                    MD5:F7E80A89B59EFA3CAC428E12420D971C
                                                    SHA1:DD2427B85EEC73FBD3C353E5F8D18CF2B8286B00
                                                    SHA-256:0731A6A7ED19AAF142738A522427B3EC07B2A64CD105C4D999A301016A4C2DCC
                                                    SHA-512:D41797D9C35DFE77511DEC89CB973F342346FCBB09ED1C2BF45521DE2860A002C809EECC765CA6B4D7030316D872AA2CD58EC4455DF279B04DB1BB347233ACA9
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.325232626452867
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    File name:3182473663947752.exe
                                                    File size:3'817'472 bytes
                                                    MD5:4656286f5599e9f1e541f763da280a02
                                                    SHA1:87d5333dc8d85f5c01cc97970ab01ec330d6c09d
                                                    SHA256:a9f1b1f099d72e3d3bb950a335b612a7e2d551e38bc8d72a9d3035453b3760ed
                                                    SHA512:11563813c493cc69ccbb041b6ec79f13f85707ac218a15eab4802e0cf075bca9848c7d49e75a94c3922a64a26c4674b89b057f2c6ec1ad1760b8e916b67c1445
                                                    SSDEEP:98304:rgG2w+u5vJ+TZJMaSoNoCO0lblyUK36CPbg:rF2w+u5g/MN2O8blyUy7Pb
                                                    TLSH:27069D33F6AB65A1D2A67B32E7AA0D000761F95F3737CA0A75C923DE092375E9841317
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\*.e.................6:..........S:.. ...`:...@.. ........................:...........`................................
                                                    Icon Hash:90cececece8e8eb0
                                                    Entrypoint:0x7a53fe
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x65F82A5C [Mon Mar 18 11:49:48 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a53b0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a6000 | 0x570 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3a8000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x3a3404 | 0x3a3600 | 9960144b26b1082e3f2d1d3e8bd7a9a3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x3a6000 | 0x570 | 0x600 | 093030d6502a846ae46297eb09f8def2 | False | 0.40234375 | data | 3.946534672487436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3a8000 | 0xc | 0x200 | 96d135e067338d3c6838148559631e68 | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x3a60a0 | 0x2e4 | data | | | 0.4297297297297297 |
| RT_MANIFEST | 0x3a6384 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2024 17:03:03.190854073 CET | 63387 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 18, 2024 17:03:04.195422888 CET | 63387 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 18, 2024 17:03:04.432678938 CET | 53 | 63387 | 1.1.1.1 | 192.168.2.4 |
| Mar 18, 2024 17:03:04.432699919 CET | 53 | 63387 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 18, 2024 17:03:03.190854073 CET | 192.168.2.4 | 1.1.1.1 | 0x52a7 | Standard query (0) | pecrkva.rs | A (IP address) | IN (0x0001) | false |
| Mar 18, 2024 17:03:04.195422888 CET | 192.168.2.4 | 1.1.1.1 | 0x52a7 | Standard query (0) | pecrkva.rs | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 18, 2024 17:03:04.432678938 CET | 1.1.1.1 | 192.168.2.4 | 0x52a7 | No error (0) | pecrkva.rs | | 77.105.36.190 | A (IP address) | IN (0x0001) | false |
| Mar 18, 2024 17:03:04.432699919 CET | 1.1.1.1 | 192.168.2.4 | 0x52a7 | No error (0) | pecrkva.rs | | 77.105.36.190 | A (IP address) | IN (0x0001) | false |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Mar 18, 2024 17:03:05.500768900 CET | 587 | 49729 | 77.105.36.190 | 192.168.2.4 | 220-olivera.orion.rs ESMTP Exim 4.96.2 #2 Mon, 18 Mar 2024 17:03:05 +0100 |
| | | | | | 220-We do not authorize the use of this system to transport unsolicited, |
| | | | | | 220 and/or bulk e-mail. |
| Mar 18, 2024 17:03:05.501785994 CET | 49729 | 587 | 192.168.2.4 | 77.105.36.190 | EHLO 305090 |
| Mar 18, 2024 17:03:05.703432083 CET | 587 | 49729 | 77.105.36.190 | 192.168.2.4 | 250-olivera.orion.rs Hello 305090 [191.96.227.194] |
| | | | | | 250-SIZE 52428800 |
| | | | | | 250-8BITMIME |
| | | | | | 250-PIPELINING |
| | | | | | 250-PIPECONNECT |
| | | | | | 250-AUTH PLAIN LOGIN |
| | | | | | 250-STARTTLS |
| | | | | | 250 HELP |
| Mar 18, 2024 17:03:05.703670979 CET | 49729 | 587 | 192.168.2.4 | 77.105.36.190 | STARTTLS |
| Mar 18, 2024 17:03:05.904767036 CET | 587 | 49729 | 77.105.36.190 | 192.168.2.4 | 220 TLS go ahead |
| Mar 18, 2024 17:03:08.520601034 CET | 587 | 49730 | 77.105.36.190 | 192.168.2.4 | 220-olivera.orion.rs ESMTP Exim 4.96.2 #2 Mon, 18 Mar 2024 17:03:08 +0100 |
| | | | | | 220-We do not authorize the use of this system to transport unsolicited, |
| | | | | | 220 and/or bulk e-mail. |
| Mar 18, 2024 17:03:08.520770073 CET | 49730 | 587 | 192.168.2.4 | 77.105.36.190 | EHLO 305090 |
| Mar 18, 2024 17:03:08.718559980 CET | 587 | 49730 | 77.105.36.190 | 192.168.2.4 | 250-olivera.orion.rs Hello 305090 [191.96.227.194] |
| | | | | | 250-SIZE 52428800 |
| | | | | | 250-8BITMIME |
| | | | | | 250-PIPELINING |
| | | | | | 250-PIPECONNECT |
| | | | | | 250-AUTH PLAIN LOGIN |
| | | | | | 250-STARTTLS |
| | | | | | 250 HELP |
| Mar 18, 2024 17:03:08.718755007 CET | 49730 | 587 | 192.168.2.4 | 77.105.36.190 | STARTTLS |
| Mar 18, 2024 17:03:08.917764902 CET | 587 | 49730 | 77.105.36.190 | 192.168.2.4 | 220 TLS go ahead |


                                                    Target ID: 0
                                                    Start time: 17:02:59
                                                    Start date: 18/03/2024
                                                    Path: C:\Users\user\Desktop\3182473663947752.exe
                                                    Wow64 process (32bit): true
                                                    Commandline: C:\Users\user\Desktop\3182473663947752.exe
                                                    Imagebase: 0x340000
                                                    File size: 3'817'472 bytes
                                                    MD5 hash: 4656286F5599E9F1E541F763DA280A02
                                                    Has elevated privileges: true
                                                    Has administrator privileges: true
                                                    Programmed in: C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1731699605.0000000005590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1719299161.0000000004072000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1719299161.0000000004072000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1716681279.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1719299161.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1719299161.00000000040E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1719299161.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1719299161.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1716681279.0000000002D9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1729671070.00000000051C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1719299161.0000000004372000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1719299161.0000000004372000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation: low
                                                    Has exited: true

                                                    Target ID: 2
                                                    Start time: 17:03:00
                                                    Start date: 18/03/2024
                                                    Path: C:\Users\user\Desktop\3182473663947752.exe
                                                    Wow64 process (32bit): true
                                                    Commandline: C:\Users\user\Desktop\3182473663947752.exe
                                                    Imagebase: 0xb60000
                                                    File size: 3'817'472 bytes
                                                    MD5 hash: 4656286F5599E9F1E541F763DA280A02
                                                    Has elevated privileges: false
                                                    Has administrator privileges: false
                                                    Programmed in: C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2966199143.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2966199143.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2963531858.0000000000402000.00000020.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2966199143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2966199143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation: low
                                                    Has exited: false


                                                      Execution Graph

                                                      Execution Coverage: 12.4%
                                                      Dynamic/Decrypted Code Coverage: 100%
                                                      Signature Coverage: 13.7%
                                                      Total number of Nodes: 219
                                                      Total number of Limit Nodes: 4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-312445597
                                                      • Opcode ID: f0272c6367801e22802d49b5525d8fa6ebf2c007bf1095e9c93bc07c5ff0e1b2
                                                      • Instruction ID: c58b21e4163359e2e86e5b954cb51e28e89fed0f83d2b98d3985dc31a4b4846a
                                                      • Opcode Fuzzy Hash: f0272c6367801e22802d49b5525d8fa6ebf2c007bf1095e9c93bc07c5ff0e1b2
                                                      • Instruction Fuzzy Hash: 47B2F634A002188FDB14DFA9C884BADB7B6BF48700F158599E506AF3A5DB71ED85CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4[6]$TJcq$Te^q$UUUU$UUUU$pbq$xbaq
                                                      • API String ID: 0-3976255209
                                                      • Opcode ID: fb25172ffa687eac9cf3943ebae95edb4c304e430859662252375b12b422dbb3
                                                      • Instruction ID: ef18fad3ff9aad3c9261b41a38a4f1caa0d79ab917c7ecefcc8f0015e897423e
                                                      • Opcode Fuzzy Hash: fb25172ffa687eac9cf3943ebae95edb4c304e430859662252375b12b422dbb3
                                                      • Instruction Fuzzy Hash: A3B2B375A04228CFDB64CF69C984BD9BBB2BF89300F1581E9D509AB365DB319E81CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                      • API String ID: 0-2546334966
                                                      • Opcode ID: 14b39e12c6d0afc1577d81a3538bd933937b7b546b228fb73a0cf78fe7ffb18a
                                                      • Instruction ID: d2d76919446f2cde9c96000c56c1c4bd55932c3a70451b5324992497a3988073
                                                      • Opcode Fuzzy Hash: 14b39e12c6d0afc1577d81a3538bd933937b7b546b228fb73a0cf78fe7ffb18a
                                                      • Instruction Fuzzy Hash: 0822FD34A00219CFDB24DF64C984BADB7B2FF48705F1485A9E509AB295DB31ED85CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (_^q$Pl^q$$^q
                                                      • API String ID: 0-912065397
                                                      • Opcode ID: 93230ef806b5757db9f628adec8548f17e39334c68ccc648c766c6231bc239e1
                                                      • Instruction ID: e53b6947f70d40d6ab63a602f83533c4a5fc8587ee9bd4fd9b8bfe291a7bd81d
                                                      • Opcode Fuzzy Hash: 93230ef806b5757db9f628adec8548f17e39334c68ccc648c766c6231bc239e1
                                                      • Instruction Fuzzy Hash: 87324D34B402098FDB14EF28C598A7A77E2BF89711F2584A9E506EF365DB31DC82CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: TJcq$Te^q$xbaq
                                                      • API String ID: 0-3225726259
                                                      • Opcode ID: c4a5f154051772322bcc4b8bd149dbbc477844f11133a238888ae8388a0908a2
                                                      • Instruction ID: c02f0373fdb1f68d3aa81c099a3653c68a27985e695a43ef507c417d528e549b
                                                      • Opcode Fuzzy Hash: c4a5f154051772322bcc4b8bd149dbbc477844f11133a238888ae8388a0908a2
                                                      • Instruction Fuzzy Hash: BAC16875E006188FDB58DF6AC984ADDBBF2AF89300F15C1AAD409AB365DB305A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$p$u
                                                      • API String ID: 0-888642424
                                                      • Opcode ID: 042eae1f7840042e29a18d9469f63f7f5be6c4f9667ca04fdb0d6de03b219f92
                                                      • Instruction ID: d3f342f5594bea57ec5c52287aa8ca5d56f0e11af3258eb5fa62a3901a672a6b
                                                      • Opcode Fuzzy Hash: 042eae1f7840042e29a18d9469f63f7f5be6c4f9667ca04fdb0d6de03b219f92
                                                      • Instruction Fuzzy Hash: B151A871D09628CBEB68DF67C8487DEBAB2BF88314F14D1FA840D66294DB750A85CF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2$$^q
                                                      • API String ID: 0-1071376767
                                                      • Opcode ID: fae44da51d4430f7eedfab2d4600d53f91f4132bc1aed4c5e2285e272b531f2c
                                                      • Instruction ID: 27aed823cf2754eb2629e8cb7c68e237bbe1aec908e3045171889ad9ea080b0a
                                                      • Opcode Fuzzy Hash: fae44da51d4430f7eedfab2d4600d53f91f4132bc1aed4c5e2285e272b531f2c
                                                      • Instruction Fuzzy Hash: 00C283B4A042288FCB64DF69C984BD9BBB6FF88300F1095EAD509A7355DB309E85CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 5g$Te^q
                                                      • API String ID: 0-3998389043
                                                      • Opcode ID: 3f6c243edf6ca975b0b00a5edb0b9b142b602f983ac5212e289e219b28531012
                                                      • Instruction ID: 7fbcc0af2a397d7e359f0b809b47a27462a247ca175a0d0c50cb40f83ab36aa0
                                                      • Opcode Fuzzy Hash: 3f6c243edf6ca975b0b00a5edb0b9b142b602f983ac5212e289e219b28531012
                                                      • Instruction Fuzzy Hash: 5AB1EA70E05218CFDB54EFAAD548BADBBF2BF89300F10946AD419B72A5D7705989CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 5g$Te^q
                                                      • API String ID: 0-3998389043
                                                      • Opcode ID: dadd4437a0dc1ed0e4b0ba996c2da21ef76580020f08262849a6adfa172398ef
                                                      • Instruction ID: 4381ea46de428b43d560ecc20c5b649d9f74fa675d8a768a5d031b76388434e9
                                                      • Opcode Fuzzy Hash: dadd4437a0dc1ed0e4b0ba996c2da21ef76580020f08262849a6adfa172398ef
                                                      • Instruction Fuzzy Hash: A3B1E774E05218CFDB54DFAAD548BADBBF2BF89300F10906AE419B72A5DB705989CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq
                                                      • API String ID: 0-149360118
                                                      • Opcode ID: 6aaa99d2eb10fd485f5f3fe9dfe8650b770de81cc8e87d43ad2dd637695e6ca5
                                                      • Instruction ID: bb4fc17a4140bcb2f5b1736670e46f3a82d9523be8652e28f3b8be287ef0fb4d
                                                      • Opcode Fuzzy Hash: 6aaa99d2eb10fd485f5f3fe9dfe8650b770de81cc8e87d43ad2dd637695e6ca5
                                                      • Instruction Fuzzy Hash: 1E526970B0061A8FDB15CF69C494BAEBBF2FF88300F248529E55AD7391DB70A905DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 057ED878
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: MemoryVirtualWrite
                                                      • String ID:
                                                      • API String ID: 3527976591-0
                                                      • Opcode ID: ef66218f73888e75757ed30709b7e4274ec86d99eab6a4b77c176d7fb4f363cb
                                                      • Instruction ID: 8c02ed2b3449912b1504aed1ed1b251efea8c752becc0d0e5ce13656741b8fe5
                                                      • Opcode Fuzzy Hash: ef66218f73888e75757ed30709b7e4274ec86d99eab6a4b77c176d7fb4f363cb
                                                      • Instruction Fuzzy Hash: DF4196B4D012589FCF10CFA9D980ADEFBF1BB49310F20942AE818BB210D734A945CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 057ED878
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: MemoryVirtualWrite
                                                      • String ID:
                                                      • API String ID: 3527976591-0
                                                      • Opcode ID: 6d5d9962d38cd46ac21f6f5ff4e39cb9ad50a5d5bc5090318f89572597e20f8b
                                                      • Instruction ID: 3714297502087a46fda3b3a07d3da56733f835cbd7c729896eac3379b5fa6cc2
                                                      • Opcode Fuzzy Hash: 6d5d9962d38cd46ac21f6f5ff4e39cb9ad50a5d5bc5090318f89572597e20f8b
                                                      • Instruction Fuzzy Hash: B64196B4D012589FCF10CFA9D984ADEFBF1BB49310F20902AE819BB210D735A945CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 057ED6F5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: ea97ab8a52494e54c484aeb25ca7aa806b99ca5381918ca3b097bdeb77bcc8db
                                                      • Instruction ID: 7e1d3be28675c36b13ecfb687198f5c9c7c56230309246755d1585cce7b12a58
                                                      • Opcode Fuzzy Hash: ea97ab8a52494e54c484aeb25ca7aa806b99ca5381918ca3b097bdeb77bcc8db
                                                      • Instruction Fuzzy Hash: 2A4177B9D052589FCF10CFA9D984ADEFBB1BB49310F14A02AE818B7210D735A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 057ED6F5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: 4b6eeeed33fb21cd21875ad6c17e72bb52ac28e4d4a0ed910aa056902c3e834c
                                                      • Instruction ID: 17dbf7063a279f2245958795bad725dfcb8770b85291c97ee44ddcc14d988bd7
                                                      • Opcode Fuzzy Hash: 4b6eeeed33fb21cd21875ad6c17e72bb52ac28e4d4a0ed910aa056902c3e834c
                                                      • Instruction Fuzzy Hash: 9E4188B9D042589FCF10CFA9D984ADEFBB1BB49310F10A02AE818B7210D735A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtResumeThread.NTDLL(?,?), ref: 057EDC66
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 8cd2fa5a14bd29ea079afacce81fe6ccdf44fe7d9456c61979141da08184f150
                                                      • Instruction ID: cb83ad6c377e8e109306be1c9932f142b1f340129a44050871bba97f7e85798e
                                                      • Opcode Fuzzy Hash: 8cd2fa5a14bd29ea079afacce81fe6ccdf44fe7d9456c61979141da08184f150
                                                      • Instruction Fuzzy Hash: 4F31CAB5D012189FCB10CFA9D980ADEFBF1BF49310F10942AE814B7210C774A945CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtUnmapViewOfSection.NTDLL(?,?), ref: 057ED9B9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: SectionUnmapView
                                                      • String ID:
                                                      • API String ID: 498011366-0
                                                      • Opcode ID: fd587aedbebe1f892dc225f6dac1d8c350aa294e380cbae9c2870452fccbb997
                                                      • Instruction ID: 0d7ee48cc55b014049e6e48c6ad3167d590292445c15006dc10e674ebcf9b200
                                                      • Opcode Fuzzy Hash: fd587aedbebe1f892dc225f6dac1d8c350aa294e380cbae9c2870452fccbb997
                                                      • Instruction Fuzzy Hash: D331A8B4D052589FCB20CFA9D984A9EFBF5BB49310F14942AE805B7200C775A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtResumeThread.NTDLL(?,?), ref: 057EDC66
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 9118f009e5b376251d566b9e3c9fa7caaf521869f80e62bbf8afacc909ca4e1c
                                                      • Instruction ID: c3e325c1b083655e583a31e7a2b3ccf6e7fab59886dd522a5a166d46ba8c9c0e
                                                      • Opcode Fuzzy Hash: 9118f009e5b376251d566b9e3c9fa7caaf521869f80e62bbf8afacc909ca4e1c
                                                      • Instruction Fuzzy Hash: DF3197B5D012189FCB20CFAAD984ADEFBF5BB49310F20942AE819B7310C775A945CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtSetContextThread.NTDLL(?,?), ref: 057EDAF1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 58324c1584f906329a05bf40b4a1b96dfcb6d3a9d3defaac676f6a798d2d52e6
                                                      • Instruction ID: 7a6c13bf6c65c9b254e7cc0733b39fcf927547563a1fd5f2e415f3bae87c84c8
                                                      • Opcode Fuzzy Hash: 58324c1584f906329a05bf40b4a1b96dfcb6d3a9d3defaac676f6a798d2d52e6
                                                      • Instruction Fuzzy Hash: 0231B8B4D05258DFCB20CFA9D980ADEFBF1BB49310F24942AE805B7210D775A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtUnmapViewOfSection.NTDLL(?,?), ref: 057ED9B9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: SectionUnmapView
                                                      • String ID:
                                                      • API String ID: 498011366-0
                                                      • Opcode ID: b425ae65bb9bfc0ec98d08cc59f4013e82bcf25bc8db321f516b452413f1d693
                                                      • Instruction ID: ab0ba5ea6a1f8e31ae990266a81711acfc134b5610264dfdf15ee1cf0b1ca93e
                                                      • Opcode Fuzzy Hash: b425ae65bb9bfc0ec98d08cc59f4013e82bcf25bc8db321f516b452413f1d693
                                                      • Instruction Fuzzy Hash: C331A7B4D052189FCB20CFA9D984A9EFBF1FB49310F20942AE805B7200C775A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtSetContextThread.NTDLL(?,?), ref: 057EDAF1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: f58ed05928cb3285954cecdd9bd11af0e95cf6706749048f25f218d2b95659d3
                                                      • Instruction ID: 5974b5680da46cdf8493b9d182f607d0749d45ce702ec300d22d5fe988e85b68
                                                      • Opcode Fuzzy Hash: f58ed05928cb3285954cecdd9bd11af0e95cf6706749048f25f218d2b95659d3
                                                      • Instruction Fuzzy Hash: D131B8B4D05218DFCB20CFA9D980ADEFBF1BB49310F20942AE805B7200D775A945CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Deq
                                                      • API String ID: 0-948982800
                                                      • Opcode ID: da54d1accc65cfa83e129b50e85de07db1a8f41c68616d1a5c2586484138a389
                                                      • Instruction ID: f30ccf91bdad948f61126c086cf2b154106f761e54b5ad64afd271dafc20f350
                                                      • Opcode Fuzzy Hash: da54d1accc65cfa83e129b50e85de07db1a8f41c68616d1a5c2586484138a389
                                                      • Instruction Fuzzy Hash: 04D1B274E00218CFDB54DFA9D984B9DBBB2BF89300F1485AAD409AB365DB31AD81CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ebadd2f88be8d3fc9664a29a4d47c7a32b6579af2edee25dd4cd786faf23f292
                                                      • Instruction ID: 255fc47744b8600e96d3cce65129cd7044bfb133a18087c1f710a29754030612
                                                      • Opcode Fuzzy Hash: ebadd2f88be8d3fc9664a29a4d47c7a32b6579af2edee25dd4cd786faf23f292
                                                      • Instruction Fuzzy Hash: EC32B574A44229CFCB65DF28C984A99B7B6FF48300F1191EAE50DA7355DB30AE81CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5105fe00a4ffb6f4a0f965f5603fd2242cf956bfb57194194ec0ba308103d1d7
                                                      • Instruction ID: 32f4c3fde0f3b967f9b263a8e72a8472f5aa732892f841cbafd23d3a272a7f21
                                                      • Opcode Fuzzy Hash: 5105fe00a4ffb6f4a0f965f5603fd2242cf956bfb57194194ec0ba308103d1d7
                                                      • Instruction Fuzzy Hash: D1B18334A00244CFCB06EFA5E444BA9B7B2FFC8340F15C969E54A9B2A9DF719D95CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2637d90fcf8498cc3b10b475be9606474560c8e4e7b4108ea6795a122683e344
                                                      • Instruction ID: 806e8f3919373e02775cab4c1e94f1ef17768932e2311c19d34d250b474c4798
                                                      • Opcode Fuzzy Hash: 2637d90fcf8498cc3b10b475be9606474560c8e4e7b4108ea6795a122683e344
                                                      • Instruction Fuzzy Hash: DEC10374E05218CFDB28DFA9D985BADBBF6FB88300F1091AAD409A7354DB305A80CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97f956316854ffe0340b0a780bd9ba27f08184c91633180b7fe69c23a1fce5e6
                                                      • Instruction ID: bb3af6af995822c248d76f3115b034cb8db7e72cdf54ef3bde22c992013aee62
                                                      • Opcode Fuzzy Hash: 97f956316854ffe0340b0a780bd9ba27f08184c91633180b7fe69c23a1fce5e6
                                                      • Instruction Fuzzy Hash: 56A1D930B00244CFD706EFA5E4547A9BBB2FF89300F15C9A9D44A9B2A5DF719C65CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b2286df1c2899b61a7a86cd6f95022b2205e41563cab8433932bb8e3513ff0c3
                                                      • Instruction ID: db87c623e42d3a6521f2c4c051d0af934f6a50f847a7613faed112b49a94764f
                                                      • Opcode Fuzzy Hash: b2286df1c2899b61a7a86cd6f95022b2205e41563cab8433932bb8e3513ff0c3
                                                      • Instruction Fuzzy Hash: 8AC1F374E05218CFDB68DFA9D985BADBBF2FB48300F1091AAD509A7355DB305A84CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d038f39f27afe455107acb67b09e7f286ca4c307fc9e34bca3139beb3df54fe3
                                                      • Instruction ID: 276d732a0c5adf60116afe4afe9e2e2b34fbdad2131263575dd48099dd4951fb
                                                      • Opcode Fuzzy Hash: d038f39f27afe455107acb67b09e7f286ca4c307fc9e34bca3139beb3df54fe3
                                                      • Instruction Fuzzy Hash: F451ABB1E006198BEB18DF6BD94469AFBF7BFC8300F14D1BAD508AA255DB704A818F54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$(bq$(bq$(bq$(bq
                                                      • API String ID: 0-2298650571
                                                      • Opcode ID: c25a034e266ec3fb70e11d65aabca4172f0e14483d2cc486ee2f762ba6b2835e
                                                      • Instruction ID: aa4caae2104a966b3848566166a560f66f3d8d784474b54cd2385edf2c64acc8
                                                      • Opcode Fuzzy Hash: c25a034e266ec3fb70e11d65aabca4172f0e14483d2cc486ee2f762ba6b2835e
                                                      • Instruction Fuzzy Hash: CEC125313042548FDB04DF69D858AAF7BA2FF85311B2581AAE906CB392CE75DC06C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731317129.0000000005440000.00000040.00000800.00020000.00000000.sdmp, Offset: 05440000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5440000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q
                                                      • API String ID: 0-2697143702
                                                      • Opcode ID: 550845379f3d3f09762633142cf2eebdd793db0b48775d159edcc622efdff9c9
                                                      • Instruction ID: b28d43bbdc256771e59531ea4460da0881d08b7ea9d92b8369e11805707ba334
                                                      • Opcode Fuzzy Hash: 550845379f3d3f09762633142cf2eebdd793db0b48775d159edcc622efdff9c9
                                                      • Instruction Fuzzy Hash: 37E2BE70A893899FE716CBA4DC58BEE7FB1AF06300F158097E245AB2E2C6745C45CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hbq$Hbq$Hbq
                                                      • API String ID: 0-2297679979
                                                      • Opcode ID: 5d1fa60719be6048dc82417a0e916af0e52a43a0abca4c5e51ee4cb145255af6
                                                      • Instruction ID: a826e85abe4ebafb073c9e2bb964fd7caec7f8b7ec3eef1a68d085edadf654a7
                                                      • Opcode Fuzzy Hash: 5d1fa60719be6048dc82417a0e916af0e52a43a0abca4c5e51ee4cb145255af6
                                                      • Instruction Fuzzy Hash: BD125E34B002098FDB24DFA5C494AAEBBF2FF88300F158529E5069B795DB71ED46CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q$4'^q
                                                      • API String ID: 0-1196845430
                                                      • Opcode ID: 4413d993e8a32b6496fcc74c4b1855e582a388f7f401fd6d8f777dd0b3eaad7d
                                                      • Instruction ID: b0f8c94f9b406707d6734192f9873452c3c54d4d11cd1ac172704bf69112cf1d
                                                      • Opcode Fuzzy Hash: 4413d993e8a32b6496fcc74c4b1855e582a388f7f401fd6d8f777dd0b3eaad7d
                                                      • Instruction Fuzzy Hash: 56F1DA34B50218DFDB04DFA4D998A9DBBB2FF89300F118559E806AB365DB71ED82CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$(bq$Hbq
                                                      • API String ID: 0-2835675688
                                                      • Opcode ID: aaff7ea24953bc5cefc25d714349b55ec21f94200407e18577bac1f57411d4c5
                                                      • Instruction ID: acf4a2c36e40d16bb483d22299853a6d6b9324a2ffbc347c111ab29e0fe66ab6
                                                      • Opcode Fuzzy Hash: aaff7ea24953bc5cefc25d714349b55ec21f94200407e18577bac1f57411d4c5
                                                      • Instruction Fuzzy Hash: 66E14E34A00209DFDB04EF64D4949ADBBB6FF89310F118569E902AB365DF70ED82CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$d
                                                      • API String ID: 0-3334038649
                                                      • Opcode ID: cbe16b26921d90db568059e61e175e07cb22b78dd254f70055df1c50f39abcbd
                                                      • Instruction ID: 24f7adfaba1351cee5c813fa4c74f7cb64f1691561f90d661ccd1b412fd211c2
                                                      • Opcode Fuzzy Hash: cbe16b26921d90db568059e61e175e07cb22b78dd254f70055df1c50f39abcbd
                                                      • Instruction Fuzzy Hash: C0D17E34600606CFDB14CF29C594AAABBF2FF88324B59C569D45A9B361DB70FC45CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731317129.0000000005440000.00000040.00000800.00020000.00000000.sdmp, Offset: 05440000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5440000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q$4'^q
                                                      • API String ID: 0-2697143702
                                                      • Opcode ID: 4701786a6d2d3dae6442c2ac600879f6aba2566de37f5ff2f072a0ee14e95343
                                                      • Instruction ID: ef6cc424eca0223c5f4a268af0aeacc58bd16f70af39fccfd26fe118f7bf8c5f
                                                      • Opcode Fuzzy Hash: 4701786a6d2d3dae6442c2ac600879f6aba2566de37f5ff2f072a0ee14e95343
                                                      • Instruction Fuzzy Hash: 39D1A074E50318DFEB19DFA8E498AEDBBB2FB49301F10916AE806A7350DB305885CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$Hbq
                                                      • API String ID: 0-4081012451
                                                      • Opcode ID: ffd13ec872d735a20f83f9aae768595c551528a9d5d08f13c6fa3d94d431c509
                                                      • Instruction ID: 4adab9b1a116a3ad6930e1b9080bd53ee8ea551d330bcc8b446b68b57ec6f869
                                                      • Opcode Fuzzy Hash: ffd13ec872d735a20f83f9aae768595c551528a9d5d08f13c6fa3d94d431c509
                                                      • Instruction Fuzzy Hash: 1C519A307402048FCB58AF78C454A3EBBB2FF84351B658569E9069B3A0DF31EC46CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph (figure; legend: Executed, Not Executed)
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$Hbq
                                                      • API String ID: 0-4081012451
                                                      • Opcode ID: 0a0c21e511248f1ac98178a482daedf8e1f7c915e61e02fdd209408fce65c618
                                                      • Instruction ID: ee6b52be9fd5fccbe94baf273568fb2914479ab06e39f3ce917849da9a4ceb70
                                                      • Opcode Fuzzy Hash: 0a0c21e511248f1ac98178a482daedf8e1f7c915e61e02fdd209408fce65c618
                                                      • Instruction Fuzzy Hash: 8341FF726092804FDB029B74D9517AD7FB2EF83250F1840E7D248DB3A3DA29890AC362
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: n$|
                                                      • API String ID: 0-357819273
                                                      • Opcode ID: 931834770e7cc612f32cccadaa4f6fffc1960c6cce5e1981f4ed458ed9b4f829
                                                      • Instruction ID: 417c8cf3ba031799514460d816f1ea2467a66fa43395a0339cd076381c7ec432
                                                      • Opcode Fuzzy Hash: 931834770e7cc612f32cccadaa4f6fffc1960c6cce5e1981f4ed458ed9b4f829
                                                      • Instruction Fuzzy Hash: 4E118674D1522DCEDB64DF24C998BD8B6B1BB08305F1092EAD61DA3280DB781EC8DF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *$}
                                                      • API String ID: 0-365426179
                                                      • Opcode ID: ab3a2c003c489827fbc955b373435b8cbcc381851e1ca0204260d08e44dc7f41
                                                      • Instruction ID: 50c6f252ed82314e205b3afe91722bb2f6a77caa32587b6ddff94f45ebcdcbd8
                                                      • Opcode Fuzzy Hash: ab3a2c003c489827fbc955b373435b8cbcc381851e1ca0204260d08e44dc7f41
                                                      • Instruction Fuzzy Hash: 1D015874955629CFDB64DF24DD49BA9BBB1FB09306F1040EA981DA3251DB701E848F01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *$}
                                                      • API String ID: 0-365426179
                                                      • Opcode ID: 51684454f293ed0a32179d9eec842c3dfcfa22bf765b790120b50d1576ce4733
                                                      • Instruction ID: 8cdb9cc2f93cfca2914ed0c72fead9b12dc9aae8c7abc4572a03f627c5d608c2
                                                      • Opcode Fuzzy Hash: 51684454f293ed0a32179d9eec842c3dfcfa22bf765b790120b50d1576ce4733
                                                      • Instruction Fuzzy Hash: 7201AF7494562ACFDB60DF14C949BA9BBB2BB09305F1054E6D41DB3292D7304E848F41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,bq
                                                      • API String ID: 0-2474004448
                                                      • Opcode ID: c4edf866c476d2f8409dce412fc55d09d78a11aba78ddf214ae78c7bc496fa39
                                                      • Instruction ID: 0b4cae1cf3d2b62e19b1695a4853e29576f05fde22e79bcc6e1336fca931be64
                                                      • Opcode Fuzzy Hash: c4edf866c476d2f8409dce412fc55d09d78a11aba78ddf214ae78c7bc496fa39
                                                      • Instruction Fuzzy Hash: BB520A75A002288FDB64DF68C981BEDBBF6FB88300F1541D9E509A7391DA719E81CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (_^q
                                                      • API String ID: 0-538443824
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 057ED385
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 057ED385
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $^q
                                                      • API String ID: 0-388095546
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 057ED57F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 057ED57F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 054011AC
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 054011AC
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,bq
                                                      • API String ID: 0-2474004448
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq
                                                      • API String ID: 0-149360118
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq
                                                      • API String ID: 0-149360118
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq
                                                      • API String ID: 0-149360118
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: pbq
                                                      • API String ID: 0-3896149868
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %mA
                                                      • API String ID: 0-3293700497
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %mA
                                                      • API String ID: 0-3293700497
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hbq
                                                      • API String ID: 0-1245868
                                                      • Opcode ID: 43fc361170680c27fed083827d5647ff839509ae4d301359df847fc6162d75a5
                                                      • Instruction ID: 2404e18aa80c42f060e5283c9214e3cbd3aaeeb7ad1e116ee22f46384389997f
                                                      • Opcode Fuzzy Hash: 43fc361170680c27fed083827d5647ff839509ae4d301359df847fc6162d75a5
                                                      • Instruction Fuzzy Hash: 4831FF31B402089FC704EF68D854A6EBBB6FF85710B5140A9E9099B7A1CF31EC46CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0540236F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0540236F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 9731f7907d1fa88bc627e97132ecbac74217a35e47373bc68a9d94a91e187ac4
                                                      • Instruction ID: dcd3fbf69976233fc612d1a68cead25e0bc6e608bc8171e5a9c5cccf5da26705
                                                      • Opcode Fuzzy Hash: 9731f7907d1fa88bc627e97132ecbac74217a35e47373bc68a9d94a91e187ac4
                                                      • Instruction Fuzzy Hash: FC31B8B8D042589FCF10CFA9D884ADEFBB1BB49310F20A02AE814B7250C775A945CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'^q
                                                      • API String ID: 0-1614139903
                                                      • Opcode ID: da2a8ec50d7cb5770671590287901fb926390a19cc26c490fc753c6e854e35e0
                                                      • Instruction ID: 642650cf58e184644478f01ab02e085129a18025205203becf9d150ae87c53bf
                                                      • Opcode Fuzzy Hash: da2a8ec50d7cb5770671590287901fb926390a19cc26c490fc753c6e854e35e0
                                                      • Instruction Fuzzy Hash: 5E219330B105089BEF08ABA9885CBFDB7ABEBC9710F104429D006EB395CEF45D46A751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: p<^q
                                                      • API String ID: 0-1680888324
                                                      • Opcode ID: cb6b042c1de6dd1fc147797cd631322f115565051b984e67807e5efd942bdd5f
                                                      • Instruction ID: dded20a116591cc4ec6d0107209c19f33dcb59a50b10ec1d249bf2f296ad73d7
                                                      • Opcode Fuzzy Hash: cb6b042c1de6dd1fc147797cd631322f115565051b984e67807e5efd942bdd5f
                                                      • Instruction Fuzzy Hash: 562138313081589FCB05EF2AC845AAA7BFABF8A211B094095FC45DB261CA35EC51CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: x
                                                      • API String ID: 0-2890206012
                                                      • Opcode ID: 07f9c21f80789b0849a1c38574bba65d0ee06d3250086713d181fa42726cd718
                                                      • Instruction ID: 838dda1214ef1db1c285e3869e4dbfd1419dd8adc5134f522e6bd48618955992
                                                      • Opcode Fuzzy Hash: 07f9c21f80789b0849a1c38574bba65d0ee06d3250086713d181fa42726cd718
                                                      • Instruction Fuzzy Hash: CA214C31A00208DFCB15DF68D4549EEBFB2FB8C321F149169E811B7394DB719885CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: p<^q
                                                      • API String ID: 0-1680888324
                                                      • Opcode ID: a4e7d6ef325e608a6f165153cf03f341404f8cfd897561a3751fd49c5c97bfc4
                                                      • Instruction ID: 984c161291832e43dc47e03f8d7300797a3f9c004bf86e74138ba2d1ef494000
                                                      • Opcode Fuzzy Hash: a4e7d6ef325e608a6f165153cf03f341404f8cfd897561a3751fd49c5c97bfc4
                                                      • Instruction Fuzzy Hash: A6212731304158AFCB15EF2AC855ABA7BFABF89211F0940A5FC46DB360CA35EC51CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Te^q
                                                      • API String ID: 0-671973202
                                                      • Opcode ID: 599a8db3a3ce62b1794605052f1f8f5de832d9ea24a12f31db93e9bb3692974d
                                                      • Instruction ID: dc0758ea5fa313f500ccdabf1af724de8626c81ef2d0fb868f5644dc6cd9235c
                                                      • Opcode Fuzzy Hash: 599a8db3a3ce62b1794605052f1f8f5de832d9ea24a12f31db93e9bb3692974d
                                                      • Instruction Fuzzy Hash: F3F0F974A1521DCFEB14EF28D955BADBBB2FB48700F10859A960EA7345DA305E81CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: I
                                                      • API String ID: 0-3707901625
                                                      • Opcode ID: 3890e2260efc68e22b7d528f6d80267321c76b62b22147985e8bf7805632e884
                                                      • Instruction ID: dc203623e856f66b47e396fc9ac7a2e3e624a7780375843c98314346a421f80c
                                                      • Opcode Fuzzy Hash: 3890e2260efc68e22b7d528f6d80267321c76b62b22147985e8bf7805632e884
                                                      • Instruction Fuzzy Hash: D301AF70911329DFDB65DF14DA497A9BBBAFB05300F0095EAA029A2291CB765FC8CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: e
                                                      • API String ID: 0-4024072794
                                                      • Opcode ID: 26521493ee30a259fbd6cd9bf30085b84311f656130a4859938cf767e67d708e
                                                      • Instruction ID: e5c92aba7e69f376f0415d649f59e6157ceb9fa3911f3874d7e5158659d9dda3
                                                      • Opcode Fuzzy Hash: 26521493ee30a259fbd6cd9bf30085b84311f656130a4859938cf767e67d708e
                                                      • Instruction Fuzzy Hash: 01F0197480821CCFDB209B18E89CBA8BBB1EF09305F1004D5D51E97A46DB754AD48F11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: th
                                                      • API String ID: 0-1087472677
                                                      • Opcode ID: 621ef60597438ccdc07686b65354086358e4c0907a472334072986c66c55a774
                                                      • Instruction ID: 7736fbed9e0573db5831a710dcbc2ffbd7e20cb2d36b60a3ee7cda638f7f2488
                                                      • Opcode Fuzzy Hash: 621ef60597438ccdc07686b65354086358e4c0907a472334072986c66c55a774
                                                      • Instruction Fuzzy Hash: 92D05E329401108FD705AF51E804369A375EB40380F098E30D98A63190CF60D9498AE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5276972fbec4f56c3ea552e89805ab13cf29a7e2e70ebd7ebc39835ea5a1811a
                                                      • Instruction ID: fa7cce65506b0b4afebee627c0da5cf1ac2ebde87e7277b2ff7fed14418cc119
                                                      • Opcode Fuzzy Hash: 5276972fbec4f56c3ea552e89805ab13cf29a7e2e70ebd7ebc39835ea5a1811a
                                                      • Instruction Fuzzy Hash: 2512FB34B102198FDB14EF64C898BADB7B2BF89300F5185A8D50AAB355DF70ED85DB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc3344461a93227b272837f8071e5c39d9ff92ba1dd44dc7fe4cf7d884413bf0
                                                      • Instruction ID: 53d2e7c41c9a3119c65d4ad6661228740c85fcd232944849cb172eacc3902809
                                                      • Opcode Fuzzy Hash: bc3344461a93227b272837f8071e5c39d9ff92ba1dd44dc7fe4cf7d884413bf0
                                                      • Instruction Fuzzy Hash: D1719136B001189FDF15DF54D804BA9BBB6FF89310F0580A5EA09AB261CB72ED56DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91c12d44e70b2fb30e99999a7982c6a64f12778583a2f93d8fce3617a928e035
                                                      • Instruction ID: 016e3cfd2db85afb3cc7e00981f2006457bdd436699ec665ab7932df7d4b2293
                                                      • Opcode Fuzzy Hash: 91c12d44e70b2fb30e99999a7982c6a64f12778583a2f93d8fce3617a928e035
                                                      • Instruction Fuzzy Hash: 6AA1F934B102198FDB14DF64C898BA9BBB6BF89300F5185A8E50AAB355DF70ED85DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b80ad24da9c8118a6f8d6532d017c2df33e1285d082b44a076be5377c3facd85
                                                      • Instruction ID: 95a76dc90ccaed19f544759d9ede7477c3e1d506da03baad28068175ebf929ca
                                                      • Opcode Fuzzy Hash: b80ad24da9c8118a6f8d6532d017c2df33e1285d082b44a076be5377c3facd85
                                                      • Instruction Fuzzy Hash: BA816735A412098FDB14EFA5D455ABDBBF2FF88321F24816AE912AB390DB31DD41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9f2a7244a4c8c0febaa5fbdb3ce161526af2f233a3ec3d0ee7ee72f680f5728
                                                      • Instruction ID: 39574c1ab21e93f786a46094ae311a19cc876403841c55595f9e81b70df6b84c
                                                      • Opcode Fuzzy Hash: a9f2a7244a4c8c0febaa5fbdb3ce161526af2f233a3ec3d0ee7ee72f680f5728
                                                      • Instruction Fuzzy Hash: D68148707106189FDB04DF68D498BAEBBB6BF88700F1481A9E506DB3A1CB70ED41DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c617f09c7607cd6534f75b0ed55dd21b859fe5125c974de6858d44f41fe4eac
                                                      • Instruction ID: b6aff9ace2259644197a89c41aebc51e111b6f80a62f7bfba9665ce30b56a739
                                                      • Opcode Fuzzy Hash: 0c617f09c7607cd6534f75b0ed55dd21b859fe5125c974de6858d44f41fe4eac
                                                      • Instruction Fuzzy Hash: C4811735A40218CFDB14DF69C588A9EB7F6FF88350B1581A9E816DB361DB70ED42CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 13299edb6952e2eca1e77e88c3f4afc41610fef22c953fdac6f633587b07cdd4
                                                      • Instruction ID: ada8a11d71bb76eb98f6db17c36ddb2b7fe689eaecb05f20088a5c80dd638a85
                                                      • Opcode Fuzzy Hash: 13299edb6952e2eca1e77e88c3f4afc41610fef22c953fdac6f633587b07cdd4
                                                      • Instruction Fuzzy Hash: A1718134A00104CFDB05DF19D988FA977B6FB88354F2489A5E90ADB3A8CB719D85CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 29e93ca9e9c546b19ce79e08706ac9ef879393d0b204e328c1163444bc65c3e0
                                                      • Instruction ID: e73fca29efac34fbd216e0807b6895038280138d1792857e587c0be27142e82a
                                                      • Opcode Fuzzy Hash: 29e93ca9e9c546b19ce79e08706ac9ef879393d0b204e328c1163444bc65c3e0
                                                      • Instruction Fuzzy Hash: 7C517431B002059FC714EFA9D854A6ABBBAFF84320F14C52AE916AB751DB71E841CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1dec1b1a4150a6fd53ff0bc4892e1d6fd390095dcda631a9396a999247f248ad
                                                      • Instruction ID: 6074f9c71dfa9fdec09c6bec3c3199bd30ff8dda8e714921666379a1dce19b8f
                                                      • Opcode Fuzzy Hash: 1dec1b1a4150a6fd53ff0bc4892e1d6fd390095dcda631a9396a999247f248ad
                                                      • Instruction Fuzzy Hash: 1B613A74B10614DFDB04DF68C898AADB7B6FF88700F1481A9E5069B3A1CB70ED41DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07841f62672e63bc350572a08aed1ca645db47675b9254dcc551837d7cb807d2
                                                      • Instruction ID: c70430f88637fc5c9930289f6d89d1eef5c2e38f5c60fca7226e050a787bf7d1
                                                      • Opcode Fuzzy Hash: 07841f62672e63bc350572a08aed1ca645db47675b9254dcc551837d7cb807d2
                                                      • Instruction Fuzzy Hash: 47519F34B506099FCB14EF64E459AAEBBBAFF88700F008559F50297364DF719E46CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1715851526.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0d000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64ee99b8e77c919165bff559ad2f897602e0a5e177b5028dc9cd65d57f26dbf4
                                                      • Instruction ID: 9caa670884c62a89f489105b34c3f107843d97cf331f53082f3bd13a3e6af2d5
                                                      • Opcode Fuzzy Hash: 64ee99b8e77c919165bff559ad2f897602e0a5e177b5028dc9cd65d57f26dbf4
                                                      • Instruction Fuzzy Hash: F7218A74B00609CFDB00EF68C589AEEB7B5EF89700F10456AD515E7360EBB09A46DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34584ad8f01a1cdca45fae1cb4e3fb880fbf533456815cb0db806c57496df336
                                                      • Instruction ID: 7e1fff0ca4de50b91a822999b749c600537046f4fa4f9a21fb73463bae05b050
                                                      • Opcode Fuzzy Hash: 34584ad8f01a1cdca45fae1cb4e3fb880fbf533456815cb0db806c57496df336
                                                      • Instruction Fuzzy Hash: CC211771A402098FDB14DF94C595ADDB7F2FF88301F6042A5E405BB3A5CB72AD45CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e434c4fa1f57d3cfbb41d9e0e46d99d3efdf0681f17f7ade9ad3574c902a8b2
                                                      • Instruction ID: a35e5e1ce8dcbb9a098fcf488ced95d6ea8f06541709bba30a47a56bbcb6108e
                                                      • Opcode Fuzzy Hash: 9e434c4fa1f57d3cfbb41d9e0e46d99d3efdf0681f17f7ade9ad3574c902a8b2
                                                      • Instruction Fuzzy Hash: 21212C70E0420ADFDB44EFAAC1486BEBBB6FB44300F108565D429B7291D7349985CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d29d6b535330b3707a11af32d93c081d89500c7607e33cad07239f5a6b60667
                                                      • Instruction ID: 655cf5c4ad31faaad576a349401c8204359b2520ef7de9203296af104d43cd5a
                                                      • Opcode Fuzzy Hash: 7d29d6b535330b3707a11af32d93c081d89500c7607e33cad07239f5a6b60667
                                                      • Instruction Fuzzy Hash: 8121DB3190161AEFCB01DF58C884ABAFBB6FF44300B41C5A9D4099B25AEB70F895CBD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: df1e397de9a4c66d9a44a053b3ca2be1298b919d9d51af165554262d29627fd5
                                                      • Instruction ID: 370780933a589a71dc50da9110882c2d9b684fb9dbdafc63ce0af0b0491f471e
                                                      • Opcode Fuzzy Hash: df1e397de9a4c66d9a44a053b3ca2be1298b919d9d51af165554262d29627fd5
                                                      • Instruction Fuzzy Hash: A121E1B5B04A448FDB01DB74C8987DDBBB1EF86310F4441EAD1029B3A2EBB49946DB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: af6b53889a377a4511e002dc78050a2745196538302fb067441136254cbd303a
                                                      • Instruction ID: 6b8d5e4e591f6fda5d7e8502f04fd2c2ab45304a7a54430d31f999438b829d5c
                                                      • Opcode Fuzzy Hash: af6b53889a377a4511e002dc78050a2745196538302fb067441136254cbd303a
                                                      • Instruction Fuzzy Hash: 1B214B71A402098FDB14DF94C595BDDBBF2BF88300F6042A4E401BB7A5CB75AD41CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c370f9222f74ba8aa5078be3157e2787d243ed1c404a974e4ae4b39c7979d4f1
                                                      • Instruction ID: cdc69a92b9e9efbd94f72ab017cd90271a23ec6c0b8ddc407ef2b94d26ee81fb
                                                      • Opcode Fuzzy Hash: c370f9222f74ba8aa5078be3157e2787d243ed1c404a974e4ae4b39c7979d4f1
                                                      • Instruction Fuzzy Hash: 60211970E05218CFDB68CF6AD9447DDB7F6AF89300F0494AAD40DA72A0DB304A89CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1715851526.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_e0d000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 363302e0d42974408f9549712ecd985af8cef7f30b335656912e0bd2b5f7eb3f
                                                      • Instruction ID: 5717506975eb63ca5b21f547930e61a312be639db706fa8e97a2286576e791fd
                                                      • Opcode Fuzzy Hash: 363302e0d42974408f9549712ecd985af8cef7f30b335656912e0bd2b5f7eb3f
                                                      • Instruction Fuzzy Hash: 6E21B37100D3C08FCB02CF24D994716BF72EB86314F2981DAD8489B697C33A984ACB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: df4c87b07e59a74318f8ed4301b31e6fdc1ec5216191240719a295edb6bfb0e9
                                                      • Instruction ID: d2bf0b5f07f6f96244638fd52d8b1b8c259dc24145eaabbba1dc62969036ef59
                                                      • Opcode Fuzzy Hash: df4c87b07e59a74318f8ed4301b31e6fdc1ec5216191240719a295edb6bfb0e9
                                                      • Instruction Fuzzy Hash: 4B11B134559208DFC714EBE8D944AACBBB8FB0B211F2045D9E849A7262CB325E44CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6704985183f62a256d83b17ed4c8ff4768369d6121393917b1ca4699facb940d
                                                      • Instruction ID: 87cd9c7a60c37737274d45bde48f3429e385c8974b03845dcb4e7de28b9ca2cf
                                                      • Opcode Fuzzy Hash: 6704985183f62a256d83b17ed4c8ff4768369d6121393917b1ca4699facb940d
                                                      • Instruction Fuzzy Hash: 8321C670905609CFEB06CFA9E8493AEBFF1FF45305F1089AAD805A7252CB754E84CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86e9d82eccd51c722c764637ff7ea7c602db8c68bb49ca7282a5318e55850e71
                                                      • Instruction ID: 314ccaa3b142f71784752062d158e34d532f56c706d276eabe7ccb3a1b047eeb
                                                      • Opcode Fuzzy Hash: 86e9d82eccd51c722c764637ff7ea7c602db8c68bb49ca7282a5318e55850e71
                                                      • Instruction Fuzzy Hash: 1521A77891622ACFEB64EF59C848BADBBB6BB58301F1085D6D40EB2250DB744E91CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e753b0558130380c942387228fcff387169ee509e20e7e80182f4fe7de4fbb01
                                                      • Instruction ID: 96682f90659f64cb38327f8f9072a40eca56a2b5fff408c2c7f48ef32770dd30
                                                      • Opcode Fuzzy Hash: e753b0558130380c942387228fcff387169ee509e20e7e80182f4fe7de4fbb01
                                                      • Instruction Fuzzy Hash: 3E119331B443095FCB60DF68D845BBE7BF6BB88621F15442AE955E7280EA71C841CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80793054a925d012bb948ea182095435512ac0ba0e05f7df2c47568a9403363a
                                                      • Instruction ID: a6666e7f9c4b185546231393d0804e6604087db8af65a1aeda453c6beea2c308
                                                      • Opcode Fuzzy Hash: 80793054a925d012bb948ea182095435512ac0ba0e05f7df2c47568a9403363a
                                                      • Instruction Fuzzy Hash: DC215C70D05608DFEB05DFAAE8493AEBBF5FB48304F1088A5D805A7241DB744A84CF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aa800894669b2f0261fac52575ba50dfbf2cc0b74d290a62059062a893e0fbad
                                                      • Instruction ID: f2366c00492e6133e826d80b4c297f3a80461f8c9bfc94458758f5850d9592d1
                                                      • Opcode Fuzzy Hash: aa800894669b2f0261fac52575ba50dfbf2cc0b74d290a62059062a893e0fbad
                                                      • Instruction Fuzzy Hash: AC114C30A41209EFDB10DFA8D585AEDBBF6FF48320F144126E801B73A4C7349944CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c7dcf260f630e9d1fb0908b36a7574b5f83b485479465286ccade579ebc9abb6
                                                      • Instruction ID: c799d6080c4468d7fd4b18f8adae77ddf7b3f2d5a1779d4792b1f1c816bdfa0c
                                                      • Opcode Fuzzy Hash: c7dcf260f630e9d1fb0908b36a7574b5f83b485479465286ccade579ebc9abb6
                                                      • Instruction Fuzzy Hash: BD215B78A42219AFDB04DFA8D594EADBBF2BF49310F244059F906EB365CB34AD41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b95a3c4f6315c3a6af7abc0c2f3b740c971a0f651562f53b4ae5256b3af316c6
                                                      • Instruction ID: 4a120291249bd64d60f1b210eb4401135c097e1fc14a113713dc1fe72f78a512
                                                      • Opcode Fuzzy Hash: b95a3c4f6315c3a6af7abc0c2f3b740c971a0f651562f53b4ae5256b3af316c6
                                                      • Instruction Fuzzy Hash: 83017D76B1FA004FF7211F185C157F67BF1D786260B040467E805C7283ED818C86D351
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c9b243f0a864b3da54966e6f5f94c114d20fd79d2ac8b9c086753b49f73fcd3
                                                      • Instruction ID: abcee7b66b36a17152fb56984fa3d9cb3ac5fb4da15811966f5959f3c70db10e
                                                      • Opcode Fuzzy Hash: 1c9b243f0a864b3da54966e6f5f94c114d20fd79d2ac8b9c086753b49f73fcd3
                                                      • Instruction Fuzzy Hash: DA01A736340315AFDB009F59EC84FAEBBA9FB89721F108027FA04DB290CAB1D800C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0de0e47b22ff4c0ab66016ed935a032ba9cb9e0241585fed8d1243ed640f27b4
                                                      • Instruction ID: e5becb2fb031f754762db4ab21778e4dc3417fa6c2698f301ce003b4e00b0d92
                                                      • Opcode Fuzzy Hash: 0de0e47b22ff4c0ab66016ed935a032ba9cb9e0241585fed8d1243ed640f27b4
                                                      • Instruction Fuzzy Hash: BA11D0749042088FDB10EFA9D841BBEBAB2FB4D301F1484A5D449B3291DA310A49CF11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 679348fa273c3b6d6a914fbd61d93fc6d288785dc3ee5c207a027ee1b6516ebd
                                                      • Instruction ID: 6f7e364e723033021dbe449fe74ff23f127fc270a4c00385468ed05bb4b81342
                                                      • Opcode Fuzzy Hash: 679348fa273c3b6d6a914fbd61d93fc6d288785dc3ee5c207a027ee1b6516ebd
                                                      • Instruction Fuzzy Hash: A20145763406108FCB06DB24C458B5A7BB6EF89710F0085AAEA06CB390DF72DC02CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f892eb2dfeed9c84fc95f4f7a66e3d51de66b76f8504b49baf217f0f6c407c15
                                                      • Instruction ID: 8f49f4b6dafe91b0ee1485bf8e5ef266d225b86144425e68182d0b85e3808936
                                                      • Opcode Fuzzy Hash: f892eb2dfeed9c84fc95f4f7a66e3d51de66b76f8504b49baf217f0f6c407c15
                                                      • Instruction Fuzzy Hash: 9901D2713006009FE7259B20C488BBA37A7ABC5324F18866CE5564B7A1CBB5EC43EB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d2dac2b4ea0ccc9da1b709ed750f637af37667fadf9f0794b9949a282ae4c5e
                                                      • Instruction ID: e7e51ab91eff98ca1addd8ed0548f4172d298b3be241878b3049f298cab4533f
                                                      • Opcode Fuzzy Hash: 7d2dac2b4ea0ccc9da1b709ed750f637af37667fadf9f0794b9949a282ae4c5e
                                                      • Instruction Fuzzy Hash: E72194749412698FDB65DF24D9A8BADBBB6FB48301F0001EAE10EA7291DB305F848F41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c115df480194dd6fb96a052d26bd525e9982d4314411756704defaa2f7c83137
                                                      • Instruction ID: 9958ffebc7a114acb5a2d504b43b31e3e5035aebb104753affc82c93ec527930
                                                      • Opcode Fuzzy Hash: c115df480194dd6fb96a052d26bd525e9982d4314411756704defaa2f7c83137
                                                      • Instruction Fuzzy Hash: EBF03774A00119CFCB14EF58D985BACBBB2FB48300F5095AAE509B3341CF315A84CF24
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a0c319eb12145dff2ed2ea73993f2b64b3d73abfe1b94588061ca056ebb62e5e
                                                      • Instruction ID: c8de49ce4425f865b0feaed02a9676675b339cb9c28023b35ab465c789960750
                                                      • Opcode Fuzzy Hash: a0c319eb12145dff2ed2ea73993f2b64b3d73abfe1b94588061ca056ebb62e5e
                                                      • Instruction Fuzzy Hash: 3EF0C474A10208DFCB24EFA9E4857ADBBB2FB49320F65946AE555A3341DA315984CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 04c9c3f59ef44e0f3df0d90faa32ca67b9535f83b0c245516e9984b91789c466
                                                      • Instruction ID: 2cbe629a5cd39713ca04f61969985df8b8d52e44bc029787650db613fe4e1413
                                                      • Opcode Fuzzy Hash: 04c9c3f59ef44e0f3df0d90faa32ca67b9535f83b0c245516e9984b91789c466
                                                      • Instruction Fuzzy Hash: A7F0C4B4A00218CBDB50EF68D884BACBBB2FB08310FA1959AE549A3340CB715E85CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 133a7f94410e2960a46ceea5b391ea6b434b5031068e775cd2ad4baa599fc6f0
                                                      • Instruction ID: 7e173c92cb1597ada45d26d107a0f05d53ca0a7fa86238ed878e541da4f98787
                                                      • Opcode Fuzzy Hash: 133a7f94410e2960a46ceea5b391ea6b434b5031068e775cd2ad4baa599fc6f0
                                                      • Instruction Fuzzy Hash: 1BF06D34945108CFDB10EFA8E494BADBBB2FB08304F60506AE506B3381CB315A84CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f33a472a769be76423945a765ccd6b90a314a2eec5da6383f26967b7265a9cc
                                                      • Instruction ID: 9669335a6f5356ea558760823b18c6b823b61e6ac8124afa15e7f5c4272eb3af
                                                      • Opcode Fuzzy Hash: 1f33a472a769be76423945a765ccd6b90a314a2eec5da6383f26967b7265a9cc
                                                      • Instruction Fuzzy Hash: 2AF0E778910208CFCB50EFA9D495BACBBB2FB48310F61516AE515B3242CB715A84CF64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e5220a4a9c818a4408e927320473ea6e9d2c4c8e01d792168f2e8f4e89beb02
                                                      • Instruction ID: c3c3c6a178c235aad2d9d134ad5b47c9a405c726bd654c2476e04dd12e42f29b
                                                      • Opcode Fuzzy Hash: 9e5220a4a9c818a4408e927320473ea6e9d2c4c8e01d792168f2e8f4e89beb02
                                                      • Instruction Fuzzy Hash: 54F0EC74A1021CCFDB10DF59D888BADBBB2FB49310F915596E506B7241DB716E80CF25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b8fb1fbbe8274fe8c04683ab72a7c9781208df3c223b4a1c613be2a0f8b872c
                                                      • Instruction ID: 7ea18160d682be1b38d7d2666ebce9545edf55cd6f044cd18e31ad0925f84f72
                                                      • Opcode Fuzzy Hash: 9b8fb1fbbe8274fe8c04683ab72a7c9781208df3c223b4a1c613be2a0f8b872c
                                                      • Instruction Fuzzy Hash: C5F04F34D10108CFDB10DF98D889BACBBB2FB08300F10409AD50AB7345CB305A84CF20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1a48fa0d3ba35311d7ed2fcdd6627a8a1e2a0fc5072e988757e4888e67f1b9c
                                                      • Instruction ID: c9a641dc8564ddf2dc615636e4a05294ef25cecc1e88f58e697bcf1c40aa3dee
                                                      • Opcode Fuzzy Hash: b1a48fa0d3ba35311d7ed2fcdd6627a8a1e2a0fc5072e988757e4888e67f1b9c
                                                      • Instruction Fuzzy Hash: 87F082349092859FC751CFA8D884AE8BFF0BF06310B1582D6D464977B3C7309945CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f8e4b6c639dd44907a5db022ca04acd477d09dd61d2711bcd9540aaa8de01253
                                                      • Instruction ID: 710ea9292176be4e045a7b57de41e8ca26c48e3395b68706c4b197a693c4e554
                                                      • Opcode Fuzzy Hash: f8e4b6c639dd44907a5db022ca04acd477d09dd61d2711bcd9540aaa8de01253
                                                      • Instruction Fuzzy Hash: ACF06531A04719AFCB19DB94D0497EDFFBAFB84221F4481A5E006A3240DF701AC1CB84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7184172b40bd48df3df0c8f7b420d98ca8200a0abb4f2442382af0d90cfc7da
                                                      • Instruction ID: 532849c6a8c59e69958524a980fc5e9fab15afa05be224479e23c2eb2f6b9766
                                                      • Opcode Fuzzy Hash: b7184172b40bd48df3df0c8f7b420d98ca8200a0abb4f2442382af0d90cfc7da
                                                      • Instruction Fuzzy Hash: 25E0266674E2150BE726291C7C5137DE7B2FBC5250F45093EEC02C7387DE448C019392
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 95c2b58886e010948e8802bfa790fa800fff453c71acb50289e520253c2a8d59
                                                      • Instruction ID: eeb1546d1d04790953616a493bbf737a9ea180d7c7157dc66c1a19beba409045
                                                      • Opcode Fuzzy Hash: 95c2b58886e010948e8802bfa790fa800fff453c71acb50289e520253c2a8d59
                                                      • Instruction Fuzzy Hash: D2E01B74904148EFC744DFE8D945BACBBF5EB45304F1484AD9C49E3351DA319A41CB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb67970db5dbe3e279c62ea7a57963b31161fc88cb4aaa4a87b113d2c37ad13f
                                                      • Instruction ID: 442123c7e1c5963904894db17f5623fa849bf7e44031b68445a8c6f8b405f5d7
                                                      • Opcode Fuzzy Hash: fb67970db5dbe3e279c62ea7a57963b31161fc88cb4aaa4a87b113d2c37ad13f
                                                      • Instruction Fuzzy Hash: 11E01A313403095FCB109A2AE98484BFF9AEEC03647109A3AE11A87229DE71ED4A8690
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f907c51b463bb3d47d991bcc97a7d13505ccc5d88966445ec8181fbe4eea12be
                                                      • Instruction ID: 1936e6104bba28bf8079329daa6f49528d1cacbb96f2a0eb272e2f579c1d7ebb
                                                      • Opcode Fuzzy Hash: f907c51b463bb3d47d991bcc97a7d13505ccc5d88966445ec8181fbe4eea12be
                                                      • Instruction Fuzzy Hash: 6DF03974909208AFC704DFE8E9417ACBFB5EB89314F14C0AAEC45A3352CB725A56EF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1ee6a5c8268ccd25fd0f9ca557b5ab2123923f57c0a55c6d2870b2cfc1324fa8
                                                      • Instruction ID: 53c0ae0baa691dc08e30089c7defdc53655aab94b197ceb9a627cfc61c7a3dc7
                                                      • Opcode Fuzzy Hash: 1ee6a5c8268ccd25fd0f9ca557b5ab2123923f57c0a55c6d2870b2cfc1324fa8
                                                      • Instruction Fuzzy Hash: 68E0D830A50208BFDB10DF64DD51FAEB7B9DB40244F5140D9F904A7240DA309A008760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d245413ea9575b846184ea78787e6a3a70132d06515559c98f1abc36040f460
                                                      • Instruction ID: f5df1319cb061b0b333d3eab1e80406b3ca25049d65c9978a1f560003d92991a
                                                      • Opcode Fuzzy Hash: 8d245413ea9575b846184ea78787e6a3a70132d06515559c98f1abc36040f460
                                                      • Instruction Fuzzy Hash: A6F09D75D052AACFCBA1CF28D8487DDBBB0BB4A304F0099E6D849A7241D7358A81CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e76a90254c4a654b25fc8a6778d4a24e5fbe46b6571af483ea22d219a64e01b6
                                                      • Instruction ID: da0cb07ecf571221a1311b0c955790ce8a279d7c730bd877f0b3a5553e781b2d
                                                      • Opcode Fuzzy Hash: e76a90254c4a654b25fc8a6778d4a24e5fbe46b6571af483ea22d219a64e01b6
                                                      • Instruction Fuzzy Hash: 8AF030749092489FD745CFA4C9419ACBFB0EB4A714F1491DADC9953252CB324E42EF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b53e4f7e712ff3c97ccbf83cd6245d7e765126abbf352e88f5f45df1765f4eed
                                                      • Instruction ID: 5a2fb6e772fe5ada824ffa2b2eadee157a38dcc2e1e491613cf57262495c18f3
                                                      • Opcode Fuzzy Hash: b53e4f7e712ff3c97ccbf83cd6245d7e765126abbf352e88f5f45df1765f4eed
                                                      • Instruction Fuzzy Hash: DCE06534D08248ABDB05DBA4E805AADBFB5AB46304F14C0EDEC4513352C6725A41DB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6e8db216ab667da4b1f15afc48335479b6109f6b41fb84442524f647d33fbb3b
                                                      • Instruction ID: 10cbaa3ca1fe5fa2d2acefbb66ea6b2b6e56bfed0b8f1a39011aa2d8ebc9dc45
                                                      • Opcode Fuzzy Hash: 6e8db216ab667da4b1f15afc48335479b6109f6b41fb84442524f647d33fbb3b
                                                      • Instruction Fuzzy Hash: 98E08671E8524DAFCB80EFB8D9516DDBBFAEB45310F5181AAE808D7341EA315E04CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9f180fdc00f0fb579821783f7fdd1b681328d4db11bb346e6a9895f19b489237
                                                      • Instruction ID: ce4ebe390b67a41b5f72689bc5f28be8131a80cc456d37d35ba07fd4c3851024
                                                      • Opcode Fuzzy Hash: 9f180fdc00f0fb579821783f7fdd1b681328d4db11bb346e6a9895f19b489237
                                                      • Instruction Fuzzy Hash: 3BE0D82454D285D6C750CBB4D8497EDBFE0AB0A311F1556D9D89466292CA321641DB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94e4bc2cf0a347436c36ca7ad18ec406ebee44a8e016a90540306d27c60b6f67
                                                      • Instruction ID: 4e0fc6181f294d4a036f2d9b475685bdbf6978cc53eecb0b4db4e57da105c236
                                                      • Opcode Fuzzy Hash: 94e4bc2cf0a347436c36ca7ad18ec406ebee44a8e016a90540306d27c60b6f67
                                                      • Instruction Fuzzy Hash: FDE02670C8610CEBC704FBA4EC057ADBBB8EB0A301F6044A4E84473201DE320A82CA5A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction ID: bbe63063a98736d11fea0b46563825eeb21c9b53ff74b4ba021434b923e27379
                                                      • Opcode Fuzzy Hash: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction Fuzzy Hash: 24E03974E08208EFCB84DFA8D844A9CFBF4EB48300F10C5A99808A3340DA319E41DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction ID: 8f744335b4fa90f64e7e2baad636e177ca2056f6a7928f9fe671cfa83d94ed63
                                                      • Opcode Fuzzy Hash: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction Fuzzy Hash: 2DE0C974E04208EFCB44DFA9D9856ACBBF5EB48310F14C4A9D809A3351DB319E51DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction ID: c0698f9586cf6ca15e7c4ab750626d9de2406e9b99653ef35cc392c1795d11fc
                                                      • Opcode Fuzzy Hash: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction Fuzzy Hash: 8FE0ED74E04208EFCB84DFA9D94069CFBF5EB48310F10C5A9D858A3351DA319E51DF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction ID: 6dcde18a41393ac797a28b407fdb418d2f82cbcd30fbe426589d14246763b911
                                                      • Opcode Fuzzy Hash: a3b30f31c82b3529aaaf8697443d33baba2ca7475d83d68ca23b80b968bb0146
                                                      • Instruction Fuzzy Hash: 90E0C974E04208EFCB44DFE9D94069DBBF5EB89314F10C5AA9809A3351DA329A51DF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 978a210ac17121c145e1114ca8bc1ce702fcd6d86da2fbb340d92a3dbb4afc2f
                                                      • Instruction ID: 2b202b49f347c20d2118ac12e97edcd5f52ba73933650e37a8817c41c9fc402a
                                                      • Opcode Fuzzy Hash: 978a210ac17121c145e1114ca8bc1ce702fcd6d86da2fbb340d92a3dbb4afc2f
                                                      • Instruction Fuzzy Hash: FCE0ED74E04208EFC744EFA9D9406ACBBF4FB48300F10C8A9D818A3341DA315A42CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d679f3abde3dca23a1d82165920e4ee977d8903f1ae9c2637ffa0185c27ebc90
                                                      • Instruction ID: f7eb2db3f58cc824e1ab839d2a3b7fc412136a7f39cefa2bb272cf335cccdae2
                                                      • Opcode Fuzzy Hash: d679f3abde3dca23a1d82165920e4ee977d8903f1ae9c2637ffa0185c27ebc90
                                                      • Instruction Fuzzy Hash: 9AF0D4B8904269CFDB20CF64D8487C9BBB4BB09305F0099DAD90DB3240C7355E84CF99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 909bb0b4bd4178f12e13fcb32ce0237bea4da24bdc18aab2f5c5cdac4ac04f12
                                                      • Instruction ID: a51964d9e743b941b4dd1e47fd935530e9b8c39c789360e74a72b1bd466eabb4
                                                      • Opcode Fuzzy Hash: 909bb0b4bd4178f12e13fcb32ce0237bea4da24bdc18aab2f5c5cdac4ac04f12
                                                      • Instruction Fuzzy Hash: B4E0C2A068E2889AC710CBE8AD017E97FACE703A10F106199EC45122528BB20A00EB45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c7bd9129ade72d012a87c307268279ded02e948c4d3609bea50df0930b3c2fa9
                                                      • Instruction ID: b44318a2d26230d8d2d5630b6949dac109e6b886d8deddb0487e70bb4d0d5256
                                                      • Opcode Fuzzy Hash: c7bd9129ade72d012a87c307268279ded02e948c4d3609bea50df0930b3c2fa9
                                                      • Instruction Fuzzy Hash: 43E0E574E04208EFCB84DFE9D9406ACBBF4EB48300F10C9A99858A3341DA319A42CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0533d40f678948316083e4f6f8236043b0e3ab779d38db448e0e28817738d082
                                                      • Instruction ID: 07477eec64f44d2f91378832c266ee3825b9b57f2199ddb8e64afa20a901da28
                                                      • Opcode Fuzzy Hash: 0533d40f678948316083e4f6f8236043b0e3ab779d38db448e0e28817738d082
                                                      • Instruction Fuzzy Hash: 84E01270E09208EFCB84EFA9D5046ACBBB5BB48300F1080AAD848A3350DA359A40CF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15b830d910e9d7b50800f2a7cf41121d42e850e1d1802a4d47aefd31293e0a66
                                                      • Instruction ID: bd686fd097b03c8ed7acbb204e5cfd29ee63f17d8ec34cce774f416e535d0e6a
                                                      • Opcode Fuzzy Hash: 15b830d910e9d7b50800f2a7cf41121d42e850e1d1802a4d47aefd31293e0a66
                                                      • Instruction Fuzzy Hash: 9FE0E574904208EFCB44DF98D944AACFBB5EB49710F10C0A9E84863351CA729A52EF84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15b830d910e9d7b50800f2a7cf41121d42e850e1d1802a4d47aefd31293e0a66
                                                      • Instruction ID: 13a2cf712186a9c3a8ff30adbe3984f6968076e18f9e732a24705c39136eefbb
                                                      • Opcode Fuzzy Hash: 15b830d910e9d7b50800f2a7cf41121d42e850e1d1802a4d47aefd31293e0a66
                                                      • Instruction Fuzzy Hash: AFE0E578904208EFCB44DF98D940AACBBB5EB48310F14D0AAE80963751DA729A51EF84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b79e7c859d283d888c401ee958a646db204081c3fefe37d1d50aca5eef6c6243
                                                      • Instruction ID: 769ca97b22f87bd67ebacfdddd09fb0f4e5e75c84718305f256956abeb6a49bd
                                                      • Opcode Fuzzy Hash: b79e7c859d283d888c401ee958a646db204081c3fefe37d1d50aca5eef6c6243
                                                      • Instruction Fuzzy Hash: 8CE02630A0D2448FD746CBA4DE006A87B70AF46314F14D5CEDC48472A3CE364D03DB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e79ca858ddf0cbb8356def195d1b829e3b64d48c13c2acf0adca60685051fae
                                                      • Instruction ID: b8e651f995bb1f8e4217c74cf0f74ba5ebf28fd2d75c1bc387ffcf2fd07ffd97
                                                      • Opcode Fuzzy Hash: 3e79ca858ddf0cbb8356def195d1b829e3b64d48c13c2acf0adca60685051fae
                                                      • Instruction Fuzzy Hash: 9AE08675909208EFC704DFE4D9409ADBFB8AB49310F10D499E84857381CB329F42DF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63f99d21eb9893991c9e9f1e2bbeb3e26aeafb5048584bf5b89bbd8d28b2dcfb
                                                      • Instruction ID: 241ee79ae40c8643a128866335dcd13ede0eb5ea607c48c25cf22efaff4f46e2
                                                      • Opcode Fuzzy Hash: 63f99d21eb9893991c9e9f1e2bbeb3e26aeafb5048584bf5b89bbd8d28b2dcfb
                                                      • Instruction Fuzzy Hash: 08D05B313443149BDB2479649D01F7173E97F45761F250866D6067F2C0D5B2EC41CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e9494a60f6e986b1442e910936785affdcc89632cf67c11be9c29dc8320eb572
                                                      • Instruction ID: fc3b5b80791a3c2ead545ff219fef3052f232f3165ea28c9df8a461c858670bb
                                                      • Opcode Fuzzy Hash: e9494a60f6e986b1442e910936785affdcc89632cf67c11be9c29dc8320eb572
                                                      • Instruction Fuzzy Hash: 87E08630904108DFC784EFE8D9406ACBBF4FB09304F1084A9D849E3341DA319E41CF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 51647ec5c39667b2abcc9c6b66b54876ba8897d1fa52311bf7d02805327c444e
                                                      • Instruction ID: c8b7e3626b8eb2f8f3ec32c90b74356086067562543a8c8f64a64802d6dd0acc
                                                      • Opcode Fuzzy Hash: 51647ec5c39667b2abcc9c6b66b54876ba8897d1fa52311bf7d02805327c444e
                                                      • Instruction Fuzzy Hash: EDF07478E11268CFDB60CF59D88978CBBB4BB4A314F1099D6D809A3240DB745EC4CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e91c53afc7652de32600e27d278618d0b3de57f22acf384db074dd6444cc98c4
                                                      • Instruction ID: 9705acf45ae58ebe0ad367a063f38e817d9e97aab8a4b166adecbef79e406f4f
                                                      • Opcode Fuzzy Hash: e91c53afc7652de32600e27d278618d0b3de57f22acf384db074dd6444cc98c4
                                                      • Instruction Fuzzy Hash: 87E01A74E08108EFCB44DBA9D9415ACBBB4AF4A200F10D4A9D85853381CA315A41DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44bed3b6e8bb0e7ca9d94cd1f546a9dadc1e05f49c6e4ed243893b2e814e7808
                                                      • Instruction ID: f2a4b575c149dc797d37ff0f264b2bd71b649a5847d961bb54ca934d737c15e0
                                                      • Opcode Fuzzy Hash: 44bed3b6e8bb0e7ca9d94cd1f546a9dadc1e05f49c6e4ed243893b2e814e7808
                                                      • Instruction Fuzzy Hash: F0E0B670959208EFC744EFA899496ACBBB4AB09241F2055A9E849A2251EA325A44CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 59b7a59f056c7f5bb53c95b8f10015da416162ce8b457efe958564e2a9f56127
                                                      • Instruction ID: fb4f90a6830b0cfbe9893ee04d5a3c9561dcec8371d2e54e630d803f3e0fb852
                                                      • Opcode Fuzzy Hash: 59b7a59f056c7f5bb53c95b8f10015da416162ce8b457efe958564e2a9f56127
                                                      • Instruction Fuzzy Hash: 27E0E673906211CEE716AB6258143E9B7B59F00349F094D61DD59A3041D754A90986D2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 51c65cc7b203b18d7b996f573b17f78f58f483031df48b528f7ea78d88c206d9
                                                      • Instruction ID: 032f90805e9666ddacd314b3c61dae9e0b2a0ea1b4bb831ecd086000e4eede9b
                                                      • Opcode Fuzzy Hash: 51c65cc7b203b18d7b996f573b17f78f58f483031df48b528f7ea78d88c206d9
                                                      • Instruction Fuzzy Hash: 59E0EC35D09108EBD704DBE4E9416ACBBB5AB45314F109199E80927352CA725E86DB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 51c65cc7b203b18d7b996f573b17f78f58f483031df48b528f7ea78d88c206d9
                                                      • Instruction ID: 996b8087db70d503e064fb8a5cfdd67538739dff50ba31ea1ed7194fbc25d04a
                                                      • Opcode Fuzzy Hash: 51c65cc7b203b18d7b996f573b17f78f58f483031df48b528f7ea78d88c206d9
                                                      • Instruction Fuzzy Hash: 65E01234909208DBCB04DFE4ED416ACFBB5EB45314F10D199D84927351CB725E46DF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 213bf24dada021d06e79cfe0ba20b77e7908c77cc73c265789c10126bf0e57ec
                                                      • Instruction ID: 1a62b34cc9752fedefd1393525787248a3c7ec4e675ba52fd8ae0c7b646c5a16
                                                      • Opcode Fuzzy Hash: 213bf24dada021d06e79cfe0ba20b77e7908c77cc73c265789c10126bf0e57ec
                                                      • Instruction Fuzzy Hash: 4EE08C70999308DFC750DFB8E84629CBBF8AB09310F1054A8DC48E3250EA300B80CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ce6e9bb53cabfb587a7bf85f09a080bd3bfb1387e2e5ccb8f970fdc447b6785
                                                      • Instruction ID: 632f60e5befe0afa07f77952f95bd08a00d7e1d579de68ebf5d85e35a2383c2d
                                                      • Opcode Fuzzy Hash: 3ce6e9bb53cabfb587a7bf85f09a080bd3bfb1387e2e5ccb8f970fdc447b6785
                                                      • Instruction Fuzzy Hash: A9E0EC34909108DFCB08DFE4E9415ACFBB9AB85315F1095A9DC0927391CA325E46DB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
                                                      • Instruction ID: 308734e347fe5fbfc39d01466d26648a0473cab39bdc6a53ba3d68073832f9aa
                                                      • Opcode Fuzzy Hash: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
                                                      • Instruction Fuzzy Hash: 93B01230240208CFC200DB5DD444C0033FCAF49A0434000D0F1098B731C721FC00CA40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad7d9908e481a390d46f42a5342c9d20a8560e891bad1dc56168f0fe41f33ceb
                                                      • Instruction ID: 7846404c2a8426ca0f59dce34d8cf89a400494381b5bf3158182be6154b162d2
                                                      • Opcode Fuzzy Hash: ad7d9908e481a390d46f42a5342c9d20a8560e891bad1dc56168f0fe41f33ceb
                                                      • Instruction Fuzzy Hash: A9B09232140208AB86009F85ED04896BB6AAB58700700C025A60906122CBB2A862DA94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8de43c8b1d39c208f916be2642df2d2bb4617686558cb1cf91d410707e6cf7d7
                                                      • Instruction ID: 3e9b90993f832ebc73a7bdb399d6ddb0cf30d1ec5c8e628bb60160bf4d022d34
                                                      • Opcode Fuzzy Hash: 8de43c8b1d39c208f916be2642df2d2bb4617686558cb1cf91d410707e6cf7d7
                                                      • Instruction Fuzzy Hash: C2B09230515214CBDB24DB10CC08B7DBB36AB16302F0084C6900A331A1CB711E86CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1716588765.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2c30000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 33f9877504cb5f18cb1705f49f801e1ce2b08fd754dd3dec5c348a9a83197582
                                                      • Instruction ID: 2ad4c1c294a285d6454a29519896cdcb2b91da62f9858a2d0198081bc785937f
                                                      • Opcode Fuzzy Hash: 33f9877504cb5f18cb1705f49f801e1ce2b08fd754dd3dec5c348a9a83197582
                                                      • Instruction Fuzzy Hash: D390027104465C8F854427D67809695779CD74462A7804056A50D515115A5664A445A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f92b69f4f567864a5bae13e14d2e9d1f02413659534d6c05eacd9d6052e9d27
                                                      • Instruction ID: ba657ccfe059006855f97656dc2df5b326dafe57941e7efdb2cde9c89a48e486
                                                      • Opcode Fuzzy Hash: 2f92b69f4f567864a5bae13e14d2e9d1f02413659534d6c05eacd9d6052e9d27
                                                      • Instruction Fuzzy Hash: 95813270E04218CFDB14DFA9D888BADBBF6FF49304F10916AE419A7251DBB09985DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 456b933cd8903f80aa5c647f14df21fddf48412d8d314b48fc11039e578678ff
                                                      • Instruction ID: 974cfd39cb6d12e93ab8da45839d7f7a6ec03064d1c020befd66bfffbd00c4db
                                                      • Opcode Fuzzy Hash: 456b933cd8903f80aa5c647f14df21fddf48412d8d314b48fc11039e578678ff
                                                      • Instruction Fuzzy Hash: 00815470E05218CFDB14DFA9D888BADBBF6FF49304F10916AE41AA7251DBB05985DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a5ce7e6c667004dac29fa9849bc71558086e70980af4ebde589965710a1fb3e
                                                      • Instruction ID: 6c8c818d17ff00cd5773da5e1e93f51d30d2869d53257e5b31b00cc1b9dd9b07
                                                      • Opcode Fuzzy Hash: 9a5ce7e6c667004dac29fa9849bc71558086e70980af4ebde589965710a1fb3e
                                                      • Instruction Fuzzy Hash: C9A1E174900228CFDB54DFA8D998BADBBF2FB48300F5181AAD10DAB391DB705985DF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cccfefe3427eb2cb7a364eea7d007e87d0c77f4ade03e86a6f6570e399c6299e
                                                      • Instruction ID: 8527311498ead636a724c8ce6831f8b30b80dfa1272aa8da666bff5e9aad931e
                                                      • Opcode Fuzzy Hash: cccfefe3427eb2cb7a364eea7d007e87d0c77f4ade03e86a6f6570e399c6299e
                                                      • Instruction Fuzzy Hash: CB810374E05218CFDB14DFA9D888BADBBF2FF49304F10916AE419A7255DBB09982DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be9a6a9f79d74635a260884f1360185331901179da606a52a09023c60350421f
                                                      • Instruction ID: 5138d60a4a76df24c4bf129748b76477bf00e94af5166f7481236c78328d69b9
                                                      • Opcode Fuzzy Hash: be9a6a9f79d74635a260884f1360185331901179da606a52a09023c60350421f
                                                      • Instruction Fuzzy Hash: D781B474A01229CFCB65DF29D999BAEBBB2BB89305F1041EAD409A7350DB705E81DF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1bac6c047bdc04c555b428c738ac68e56e1b884d5af284ec3eac2d6928cb2697
                                                      • Instruction ID: d195dc4c1a7ea47aa069d4fa78c11337a16981e1e07bd5223d6609d4e649c5f3
                                                      • Opcode Fuzzy Hash: 1bac6c047bdc04c555b428c738ac68e56e1b884d5af284ec3eac2d6928cb2697
                                                      • Instruction Fuzzy Hash: E3414874D09208CFEB04DFA5E448BEDBBFAEB49300F10A02AD809AB345DBB45985DF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7b823fdcb141d75a23ba1862dee64d184b35640a2d7bbe039af0b3979c74d01b
                                                      • Instruction ID: 69abedb6e5a86fa9327be31cbb4e56c3b8748ae2c562b1bf6534aef3266e7e01
                                                      • Opcode Fuzzy Hash: 7b823fdcb141d75a23ba1862dee64d184b35640a2d7bbe039af0b3979c74d01b
                                                      • Instruction Fuzzy Hash: B7512874D05208DFEB04DFA9D449BEDBBBAEB49300F10A02AD809AB345DBB45985DF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731645504.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5580000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732553794.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57e0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732997566.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_58f0000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1731260918.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5400000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1732388065.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_57b0000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                      • API String ID: 0-723292480
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:11.7%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:20
                                                      Total number of Limit Nodes:1
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Vl
                                                      • API String ID: 0-682378881
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Vl
                                                      • API String ID: 0-682378881
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Vl$|
                                                      • API String ID: 0-1420143437
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR^q$LR^q
                                                      • API String ID: 0-4089051495
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2975128989.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_6830000_3182473663947752.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $
                                                      • API String ID: 0-3993045852
                                                      • Opcode ID: b3754cd55ce59265a8e667d00bf57a08111287d353ce14d05d3beeabbac8c1a8
                                                      • Instruction ID: 23994bf8a4a2520e14bd42632e9ae37162787a534ef1bc9c416142ee98a7812d
                                                      • Opcode Fuzzy Hash: b3754cd55ce59265a8e667d00bf57a08111287d353ce14d05d3beeabbac8c1a8
                                                      • Instruction Fuzzy Hash: 02D1B030E002058FDB11DF6DD8847AEBBB6FB88324F24856AE509DB392D771DA41CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 0683E2BF
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2975128989.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_6830000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID: GlobalMemoryStatus
                                                      • String ID:
                                                      • API String ID: 1890195054-0
                                                      • Opcode ID: 25f6520492e45ca210e236c654e71cb034ec142e0aaa612cd95770927d5e6c95
                                                      • Instruction ID: 97d781d845bdde685abd4c0efa698c90ffcee89bcf510c7d3203dfb1208080ef
                                                      • Opcode Fuzzy Hash: 25f6520492e45ca210e236c654e71cb034ec142e0aaa612cd95770927d5e6c95
                                                      • Instruction Fuzzy Hash: A81114B1C002699BCB10CF9AC5447DEFBF4AB48320F10812AD918A7250D378A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Vl
                                                      • API String ID: 0-682378881
                                                      • Opcode ID: 2bafd6bb10f302701fb6850cc9447ed407ee6b8e450398a0edbe72d2f059226c
                                                      • Instruction ID: 4338e3485e70f589dd668299ecc3af5c379b77870a771bed5b7d54e4f552e7bc
                                                      • Opcode Fuzzy Hash: 2bafd6bb10f302701fb6850cc9447ed407ee6b8e450398a0edbe72d2f059226c
                                                      • Instruction Fuzzy Hash: B6A17A70E00609CFDB11DFA8D98179EBBF1BF48354F148129E819E7254EB34DA86CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH^q
                                                      • API String ID: 0-2549759414
                                                      • Opcode ID: a3034b2e3453bceffc1500b5e571ebe2d8cd6664409d06aedc5f87466b8764ac
                                                      • Instruction ID: 9a7520bd175fb3d18b0525925cc93d0f9dd411de3a2f4de493804abe1a95b884
                                                      • Opcode Fuzzy Hash: a3034b2e3453bceffc1500b5e571ebe2d8cd6664409d06aedc5f87466b8764ac
                                                      • Instruction Fuzzy Hash: 03410230B002028FDB169B79D55866FBBE2AF89710F14842DD10ADB385DE79DD86C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR^q
                                                      • API String ID: 0-2625958711
                                                      • Opcode ID: 2fdde85b949ab8ad5dcaa657350f795a63f7d3a27597f1cb6391a924ec039ad3
                                                      • Instruction ID: 538345aa68afc32fc69ee8c3d74b1fc444fedb777cda58d9bb233e84448cb143
                                                      • Opcode Fuzzy Hash: 2fdde85b949ab8ad5dcaa657350f795a63f7d3a27597f1cb6391a924ec039ad3
                                                      • Instruction Fuzzy Hash: D231B234E102098FEF16DFA9D44879EBBB2FF85314F208529E405EB240EB71DA85CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR^q
                                                      • API String ID: 0-2625958711
                                                      • Opcode ID: 963a9601f9803db67ebf661801446b6d83f0ed43262078846ce0fd8d155d1a0b
                                                      • Instruction ID: 84bac0f4540434d5ebf26c0913a476e01377fd72af0415214d1fd9e393ca42fa
                                                      • Opcode Fuzzy Hash: 963a9601f9803db67ebf661801446b6d83f0ed43262078846ce0fd8d155d1a0b
                                                      • Instruction Fuzzy Hash: 4A112772A042456FD70A9B39841455D7FB6EF87704B2484AED00DCB392FA35CD068753
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f10d9b24c97e7a33ddf2ad69ab1397cfc774e4355a54412ab873a25091a084fb
                                                      • Instruction ID: 4430f56a96f1998778d8343f0ca6edd1aef05a62fb984c2e5dd36ca64cb9936e
                                                      • Opcode Fuzzy Hash: f10d9b24c97e7a33ddf2ad69ab1397cfc774e4355a54412ab873a25091a084fb
                                                      • Instruction Fuzzy Hash: A4124E317012029FCB16AB38E55862D7AA3FB8A714B20897DE006DB365CF75DDC6D782
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0b54e969e9fe54aa7ea5691515169e6bc2edef06e863f682acce9bd9cdd9ebf
                                                      • Instruction ID: 81469c59f51f512d7eb13912ebf5773d437ef4c57a65e0f1f8b75622fd87103e
                                                      • Opcode Fuzzy Hash: f0b54e969e9fe54aa7ea5691515169e6bc2edef06e863f682acce9bd9cdd9ebf
                                                      • Instruction Fuzzy Hash: 85B18E35A002048FCB15DFA8D584AADBBF2FF88324F148569E50AD7365DB31EE42CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bfda85015bc6470597d98f14c67932f37be138f747cea1f97fffa380124b2f92
                                                      • Instruction ID: 1071d988d6672d78fb637db3b7d93b6636c41cbe975d11522345558214426e34
                                                      • Opcode Fuzzy Hash: bfda85015bc6470597d98f14c67932f37be138f747cea1f97fffa380124b2f92
                                                      • Instruction Fuzzy Hash: E2B15D70E002198FDF10CFA8D8957ADBFF1AF88354F248129D859E7254EB74D985CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4bdbaf65d6c4a461aa7dfbbcb49a02cf03a0830b4a4c1b63240e1606fd9bb706
                                                      • Instruction ID: 8980a8045d39d0abc0d14e4cb2aaaa840fd66fde1f54078f355b4bee2ca91006
                                                      • Opcode Fuzzy Hash: 4bdbaf65d6c4a461aa7dfbbcb49a02cf03a0830b4a4c1b63240e1606fd9bb706
                                                      • Instruction Fuzzy Hash: 62512471D106188FEB18CFA9C888B9DBBF1BF48314F248529E819BB351E774A945CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6b19436baac1f03adb46a765ca6d6a3d4253f1e6e626b0ff35354775c82aaee5
                                                      • Instruction ID: 067bb3666c2726a740e7da4ddf9740228492c97af73ee72c51882520468e453c
                                                      • Opcode Fuzzy Hash: 6b19436baac1f03adb46a765ca6d6a3d4253f1e6e626b0ff35354775c82aaee5
                                                      • Instruction Fuzzy Hash: FF513671D106188FEB18CFA9C888B9DBBF1BF48314F248419E819BB351E774A985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bb8a6c76e810bb810a54d1280d40b26a90368587242081f5d4f3f3115099a20c
                                                      • Instruction ID: 30cd51ed3b33038a0c94a7f364bbd6cfa0f2501d9defc7320d30f076bac4bd60
                                                      • Opcode Fuzzy Hash: bb8a6c76e810bb810a54d1280d40b26a90368587242081f5d4f3f3115099a20c
                                                      • Instruction Fuzzy Hash: 67515E31A02249CFC719DB6EFA90A447FB1FB5731570081A9D4054B73ADB386DE9CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ee13a20eace25ea9511ae5841cb8e9b960d9a5b4ae29ca0e0f487c5c84f270df
                                                      • Instruction ID: 226732e3256c4adada2777e574d233cb90c102a43b6a4cce5df48ef890259daa
                                                      • Opcode Fuzzy Hash: ee13a20eace25ea9511ae5841cb8e9b960d9a5b4ae29ca0e0f487c5c84f270df
                                                      • Instruction Fuzzy Hash: ED512E30A02249CFC715DB6FFA90A547BB1FB9731570081A8D4054B73ADB386DE9CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7c814c9467c366780dec866b0b829868e00868ce4df813f707f9b9b7282df388
                                                      • Instruction ID: 6d1ba798588311dfc7aa555508d519a63a74290ae9df36c552f37caeb029be82
                                                      • Opcode Fuzzy Hash: 7c814c9467c366780dec866b0b829868e00868ce4df813f707f9b9b7282df388
                                                      • Instruction Fuzzy Hash: CC315E35E106059BCB19CFAAD49469EB7B2FF89300F108929E92AE7345DB70ED42CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63be554e6758bc12321510e2b4e6bbbe7799c48b12c0b43fbe546050a9b8b060
                                                      • Instruction ID: 96e7e8038cf8e9e9ba68432f66d942bc9887cd870d87101c543a523daa8afed6
                                                      • Opcode Fuzzy Hash: 63be554e6758bc12321510e2b4e6bbbe7799c48b12c0b43fbe546050a9b8b060
                                                      • Instruction Fuzzy Hash: 2841EFB0D002499FDB10CF99C584A9EBFF5EF48314F10802AE819AB264DB759A49CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e1dbfbf14e610209d6b7621d068bb5f01df291eb8d731b8760b145acd0553c54
                                                      • Instruction ID: 5b16c99b08a28f02231864641d0f849b5784bff466170d811859b3242de981b1
                                                      • Opcode Fuzzy Hash: e1dbfbf14e610209d6b7621d068bb5f01df291eb8d731b8760b145acd0553c54
                                                      • Instruction Fuzzy Hash: C0318034E102059BCB15CFA9D45469EB7B2FF89300F10C929E92AE7345DB70ED42CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a20c65a4123e6390ef075a3a4e26c7b97b0b011bd2bf6ee814c680c4627ffd2d
                                                      • Instruction ID: 0952510f097f45f164b48adbaeccde713b439ac8d7d7e82c283519adeb3b2109
                                                      • Opcode Fuzzy Hash: a20c65a4123e6390ef075a3a4e26c7b97b0b011bd2bf6ee814c680c4627ffd2d
                                                      • Instruction Fuzzy Hash: C141DEB0D002499FDB10DFA9C584A9EBFF5EF48314F108029E819AB254DB75A989CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f9f590a252dcf210571e53c32f97856df45aef721985e0df3839faf1c45a559
                                                      • Instruction ID: c131101644b13ef4edc9148b015b8d923a25d5b75a4ff7f12fded8e9ccaef81b
                                                      • Opcode Fuzzy Hash: 2f9f590a252dcf210571e53c32f97856df45aef721985e0df3839faf1c45a559
                                                      • Instruction Fuzzy Hash: A031A231E102099BDB05CFA9D48469EF7B2FF89314F14C629E815EB341DB70D986CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a6faba4f08aae0da3675f82714259aa5b49012c74170925a8f633bb0bcbfca42
                                                      • Instruction ID: 885d305b01a800266d78153d5035aa34c5a7928d335a7c4e54f93a66708fbb07
                                                      • Opcode Fuzzy Hash: a6faba4f08aae0da3675f82714259aa5b49012c74170925a8f633bb0bcbfca42
                                                      • Instruction Fuzzy Hash: 6621B631E1060A9BCB19CFA8D85469EF7B2AF89314F248529EC15FB341DB70E946CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.2965811743.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_1870000_3182473663947752.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 54ef47007d66943826c817c068d82b462214bb8a605e8a213d8d7a1d8bc77fc8
                                                      • Instruction ID: 08ed140f0c8517cb7ad69ec8c83b176397ee771e0f25dbeaa3a32a5b3048dff3
                                                      • Opcode Fuzzy Hash: 54ef47007d66943826c817c068d82b462214bb8a605e8a213d8d7a1d8bc77fc8
                                                      • Instruction Fuzzy Hash: 032104706002014BDB36562DE4DC36D3F66E702325F1448ADE41AC7F82DE2DCAC59743