Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HmGUCvTQIacWu7Q.exe

Overview

General Information

Sample name:HmGUCvTQIacWu7Q.exe
Analysis ID:1428649
MD5:ff1d0766297fb6e6aad3dc1008559378
SHA1:73feaee0551ae5e811933319cfdaf0bb4d8b457b
SHA256:5411cdb506aeb34244854a919278dd88877f92e0a97561aa50d11d8b0dfb86b8
Tags:AgentTeslaexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code contains very large strings
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • HmGUCvTQIacWu7Q.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe" MD5: FF1D0766297FB6E6AAD3DC1008559378)
    • HmGUCvTQIacWu7Q.exe (PID: 7336 cmdline: "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe" MD5: FF1D0766297FB6E6AAD3DC1008559378)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "us2.smtp.mailhostbox.com", "Username": "jb@hargeisawateragancy.com", "Password": "cVRkXnN1"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.2930390277.000000000312E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 9 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x320af:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x32121:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x321ab:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x3223d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x322a7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x32319:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x323af:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x3243f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    Click to see the 18 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 208.91.199.223, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe, Initiated: true, ProcessId: 7336, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "us2.smtp.mailhostbox.com", "Username": "jb@hargeisawateragancy.com", "Password": "cVRkXnN1"}
                    Multi AV Scanner detection for submitted file
                    Source: HmGUCvTQIacWu7Q.exeReversingLabs: Detection: 31%
                    Source: HmGUCvTQIacWu7Q.exeVirustotal: Detection: 30%Perma Link
                    Machine Learning detection for sample
                    Source: HmGUCvTQIacWu7Q.exeJoe Sandbox ML: detected
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: AwBiy.pdb source: HmGUCvTQIacWu7Q.exe
                    Source: Binary string: AwBiy.pdbSHA256 source: HmGUCvTQIacWu7Q.exe
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 4x nop then jmp 0259B280h0_2_0259AC36

                    Networking

                    barindex
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.223:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.225:587
                    Source: Joe Sandbox ViewIP Address: 208.91.198.143 208.91.198.143
                    Source: Joe Sandbox ViewIP Address: 208.91.199.225 208.91.199.225
                    Source: Joe Sandbox ViewIP Address: 208.91.199.223 208.91.199.223
                    Source: Joe Sandbox ViewIP Address: 208.91.199.224 208.91.199.224
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.223:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 208.91.199.225:587
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownDNS traffic detected: queries for: us2.smtp.mailhostbox.com
                    Source: HmGUCvTQIacWu7Q.exeString found in binary or memory: http://tempuri.org/x.xsd?MultiGames.Properties.Resources
                    Source: HmGUCvTQIacWu7Q.exe, 00000001.00000002.2930390277.0000000003136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, HmGUCvTQIacWu7Q.exe, 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: HmGUCvTQIacWu7Q.exeString found in binary or memory: https://github.com/zuppao).

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, cPKWk.cs.Net Code: PWYyNOa
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, cPKWk.cs.Net Code: PWYyNOa

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4fe0000.4.raw.unpack, LoginForm.csLarge array initialization: : array initializer size 33603
                    .NET source code contains very large strings
                    Source: HmGUCvTQIacWu7Q.exe, Form1.csLong String: Length: 131612
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252DC740_2_0252DC74
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025970D00_2_025970D0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025964090_2_02596409
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025964280_2_02596428
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0259D5380_2_0259D538
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025968500_2_02596850
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025968600_2_02596860
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_025958D80_2_025958D8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_02596C980_2_02596C98
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_02598D980_2_02598D98
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC6CC80_2_04CC6CC8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC00400_2_04CC0040
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC00070_2_04CC0007
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC6CC30_2_04CC6CC3
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D964700_2_04D96470
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9C6D00_2_04D9C6D0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D977F00_2_04D977F0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9C9E80_2_04D9C9E8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D999900_2_04D99990
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D949500_2_04D94950
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D98AE00_2_04D98AE0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9A4090_2_04D9A409
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D985400_2_04D98540
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D985320_2_04D98532
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9B6D90_2_04D9B6D9
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9C6C10_2_04D9C6C1
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9B6E80_2_04D9B6E8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D977CA0_2_04D977CA
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D980780_2_04D98078
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D980680_2_04D98068
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D943180_2_04D94318
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9BC910_2_04D9BC91
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D968D80_2_04D968D8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D968C90_2_04D968C9
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9A8300_2_04D9A830
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9A8200_2_04D9A820
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9C9D90_2_04D9C9D9
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9D9500_2_04D9D950
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9D9400_2_04D9D940
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D999030_2_04D99903
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D98AD20_2_04D98AD2
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9FAC00_2_04D9FAC0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9BA580_2_04D9BA58
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D9BA480_2_04D9BA48
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D91B4F0_2_04D91B4F
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D91B600_2_04D91B60
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_013893881_2_01389388
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01384A981_2_01384A98
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01389C001_2_01389C00
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_0138CE981_2_0138CE98
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01383E801_2_01383E80
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_013841C81_2_013841C8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01389BF81_2_01389BF8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01498DE01_2_01498DE0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_0149DB571_2_0149DB57
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_0149A0681_2_0149A068
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_066756F81_2_066756F8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_06673F681_2_06673F68
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_06672F001_2_06672F00
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_0667BD201_2_0667BD20
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_06679B001_2_06679B00
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_06678BB01_2_06678BB0
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_066700401_2_06670040
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_066736601_2_06673660
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_066750181_2_06675018
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename30e7bd5c-bf01-43c1-b417-4b8cd9ce37cc.exe4 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688284781.00000000027B4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename30e7bd5c-bf01-43c1-b417-4b8cd9ce37cc.exe4 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1695299206.0000000004FE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename30e7bd5c-bf01-43c1-b417-4b8cd9ce37cc.exe4 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1686726438.000000000097E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000002.1696497262.0000000007EE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000000.00000000.1677331380.0000000000322000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAwBiy.exe< vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000001.00000002.2928547327.00000000010F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exe, 00000001.00000002.2928337569.000000000043E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename30e7bd5c-bf01-43c1-b417-4b8cd9ce37cc.exe4 vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exeBinary or memory string: OriginalFilenameAwBiy.exe< vs HmGUCvTQIacWu7Q.exe
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, cPs8D.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, 72CF8egH.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, G5CXsdn.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, 3uPsILA6U.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, 6oQOw74dfIt.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, aMIWm.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xeJDNmn5vFnq5m05Ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xeJDNmn5vFnq5m05Ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xufBPyQ5f47fSODTF0.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xeJDNmn5vFnq5m05Ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/4
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HmGUCvTQIacWu7Q.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMutant created: NULL
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: HmGUCvTQIacWu7Q.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: HmGUCvTQIacWu7Q.exeReversingLabs: Detection: 31%
                    Source: HmGUCvTQIacWu7Q.exeVirustotal: Detection: 30%
                    Source: HmGUCvTQIacWu7Q.exeString found in binary or memory: Save/Load
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile read: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe:Zone.IdentifierJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess created: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess created: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: AwBiy.pdb source: HmGUCvTQIacWu7Q.exe
                    Source: Binary string: AwBiy.pdbSHA256 source: HmGUCvTQIacWu7Q.exe

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: HmGUCvTQIacWu7Q.exe, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xufBPyQ5f47fSODTF0.cs.Net Code: pamsb0n9C7 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xufBPyQ5f47fSODTF0.cs.Net Code: pamsb0n9C7 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xufBPyQ5f47fSODTF0.cs.Net Code: pamsb0n9C7 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4fe0000.4.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252C307 push es; ret 0_2_0252C316
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252C09F push cs; ret 0_2_0252C0AE
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252C1E1 push cs; ret 0_2_0252C1EE
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252C188 push cs; ret 0_2_0252C196
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0252A858 push ecx; ret 0_2_0252A867
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_0259D279 push cs; ret 0_2_0259D536
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC2560 pushfd ; ret 0_2_04CC256E
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC80C8 pushfd ; retf 0_2_04CC80C9
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC2023 pushfd ; ret 0_2_04CC2024
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC1FDF pushfd ; ret 0_2_04CC1FFE
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC88C1 push A92804CBh; ret 0_2_04CC88CE
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC884B push E7D804CBh; ret 0_2_04CC8856
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC79C9 pushad ; retf 0_2_04CC79CA
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC7ACB pushad ; retf 0_2_04CC7AD2
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC0AF9 pushfd ; ret 0_2_04CC0AFF
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC7A81 pushad ; retf 0_2_04CC7A82
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC7A77 pushad ; retf 0_2_04CC7A7A
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04CC7B33 pushad ; retf 0_2_04CC7B3A
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D993DD pushad ; retf 0_2_04D993DE
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D993E7 pushad ; retf 0_2_04D993E8
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 0_2_04D96EA7 push ebx; ret 0_2_04D96EAA
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeCode function: 1_2_01389B40 push eax; retf 0164h1_2_01389BF1
                    Source: HmGUCvTQIacWu7Q.exeStatic PE information: section name: .text entropy: 7.317850727657374
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, m83J8MTxS1ZKcPOHUa.csHigh entropy of concatenated method names: 'QHbI54e0xO', 'sUbIrNTtg5', 'GZgIbYigxr', 'fqaIMnZDWo', 'Ur0IPRN96A', 'FrWIiptko5', 'wcdIC5BwJl', 'z46InVQysK', 'zK7I2osK4a', 't1bI8xbqu5'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, CRMMPL8XkAh7E6r53v.csHigh entropy of concatenated method names: 'nWlgPEGbER', 'RPAgCE3KCC', 'fJedZdb0l7', 'dh4dtc7NKV', 'ktPdwteT5F', 'IJyd3e90ut', 'b3XdSDT3JI', 'JxBdhrRJ6V', 'c0DdTOEaPp', 'BnldVl4rSi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, qBiop3EZOPUUCpotc4.csHigh entropy of concatenated method names: 'nUqjWDZevi', 'vSGjKHB6o7', 'CoZjZBCKAE', 'hHvjtdrPkH', 'GWZjlbG7ZV', 'oO3jwcGnXL', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, LUAdTrajonWvL0slvt.csHigh entropy of concatenated method names: 'YAYbxV83d', 'PvtMl9bPS', 'qICi4bp7g', 'QXECRGyqw', 'tKU2J9KFO', 'gBQ8mfFBy', 'DZP7f96cHfdIN5Jr7D', 'wDm3fDMbCKj1TxaV7O', 'pPWjbqYSh', 'mVBXWHBs1'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, M7aWaSljRveVJtPwFk.csHigh entropy of concatenated method names: 'zQOBVjGsQX', 'F7JBU92dE3', 'ARVBl6ulSd', 'RHXBvmrLMS', 'U6jBKLtpbT', 'TMDBZuhgbB', 'UyfBtQtfSu', 'qXZBwR3w93', 'ucrB3HOGjk', 'Hq2BSQ7IZx'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, knVx1Bz6CMnKUX5cnA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CdZe93lOwn', 'ASueBD1Y1p', 'MrdeuO9pWH', 'FVTec9OpOh', 'VEbejKvTb7', 'X9ieesXiTV', 'x6ueXpCpTO'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, BXtYAH4mVYBMT1ZQWM.csHigh entropy of concatenated method names: 'E1m9nj6Vi1', 'BwE92FxrGs', 'yeP9WOlolA', 'ujU9K7Npo6', 'a6E9tbYKVL', 'etM9wIvAmc', 'B5f9SOdHyD', 'GlH9hMakOg', 'kkZ9V3AvPx', 'yop9NJ8Eq7'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, DcE2VksIGQeKTtFMvr.csHigh entropy of concatenated method names: 'EZ5mIeJDNm', 'yvFmQnq5m0', 'HYDmO9mxUc', 'yp9mAsiRMM', 'Sr5mB3vtVb', 'ekDmu1iiJQ', 'wnObLRiCnxYZJxrjye', 'IaD7kDdbYJw0u1XumC', 'iOGmmbVf9C', 'BUBmFS3FkR'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, fctGGmmmiLIvsbDALAh.csHigh entropy of concatenated method names: 'ToString', 'Kx1XFVJH9d', 'DDiXsZEBGF', 'XPGX0IVUwe', 'sSSXYG15DC', 'dNZXpaPNAi', 'FnfXdGXPE5', 'W9eXgMmy8o', 'uitlmdPvbQrbnASL2iu', 'kaJkIRPqpnU8c1L45Fi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, IVb0kDW1iiJQ9Zget1.csHigh entropy of concatenated method names: 'uZA108Eqlo', 'RJ61pKRYbo', 'EQW1gX0uPA', 'aEm1I54Wfd', 'RhG1Q9kZEA', 'rwIgfxPdPf', 'YIEgqcYIGN', 'LJKgJAvFdk', 'AQQg7FbxlO', 'R5WgEYsFtE'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, UA81hZ2YD9mxUc5p9s.csHigh entropy of concatenated method names: 'f5bdMvPiWf', 'TwvdiQyEIN', 'aH3dnNvv24', 'uHyd2Ix3fs', 'S0rdBDKgRn', 'yG9dupA493', 'V36dcDwqdY', 'POFdjNvXIw', 'qnKdeTqsOj', 'vfXdXqOGv2'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xhim2i6KVeHSP8fHDK.csHigh entropy of concatenated method names: 'ToString', 'GJvuNflQj8', 'nuVuKQe2gl', 'o5iuZ4WZTs', 'hNuutFxQOU', 'zaguwF7i9G', 'vwxu3KgamO', 's0NuSJyfoa', 'taNuhfTUX5', 'CdxuTqvqrN'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, TjhCvFpqyq5lfJSyHj.csHigh entropy of concatenated method names: 'Dispose', 'L6qmEtFtGd', 'sNNaKWssQv', 'NcR33oWaKr', 'MGxmkg7cUr', 'NvWmzPZ1eW', 'ProcessDialogKey', 'CHcaoBiop3', 'HOPamUUCpo', 'Ic4aadLqaI'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xufBPyQ5f47fSODTF0.csHigh entropy of concatenated method names: 'PvSF0K8IkJ', 'ROhFYLivlU', 'wjbFp7Uqjo', 'OBSFdI3BEf', 'vBLFgP6s6Y', 'goRF1Nr4Rq', 'R6rFIma5aX', 'YmlFQiFfpK', 'HucFLbrnwX', 'hsiFO2EvQa'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, wxg7cU7rVvWPZ1eWiH.csHigh entropy of concatenated method names: 'PeOjYU6Fik', 'RM5jpiGU9k', 'CNejdsYRft', 'jSxjgH0ZvS', 'lSMj1lB8a5', 'jWWjIhGsrd', 'mufjQ1LEo4', 'RvUjLyeL3D', 'pWmjOIh0FX', 'hr7jAfIlDP'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, B67YpGmoCDolABiLmaZ.csHigh entropy of concatenated method names: 'X1Ke5KnFCT', 'DXXerj1GY3', 'FRBebVK6Js', 'OPAeMxMjtf', 'XUZePPYWt0', 'YEheiLK39r', 'vOTeC3BOvv', 'xt6enHd9OY', 'fdGe2xajtt', 'fFHe8mZST6'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, hLqaIgk9m7qHwPKJrY.csHigh entropy of concatenated method names: 'biWemIfelN', 'oMHeFQuNd6', 'YMIessT0rm', 'WlteYgtqoZ', 'Mu0epLtj0l', 'm64eg2UuZh', 'ykZe1YgsCW', 'TD2jJElC9q', 'LV8j7vbPaw', 'CynjE8wSQJ'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xEpcpRq15xgnIyWBcp.csHigh entropy of concatenated method names: 'P32c7qeyaA', 'eIDck7rfsa', 'ekpjoxksHl', 'x9cjmJqob4', 'zHgcNQ0Nok', 'xJZcUxwZx3', 'Ekrc4gJgCZ', 'eE3clyCX1L', 'zkTcvLMkvK', 'IOEc66NjyY'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, DP9yi9SP1HS778srhs.csHigh entropy of concatenated method names: 'vxkIY0NNfe', 'hAOIdow16Y', 'TY0I1CcYl4', 'ehE1k5bNGD', 'x3r1znsqlY', 'y32IorNcrQ', 'ucqImKFBEE', 'd3SIaocG3P', 'R3gIFxEwMs', 'ao7IshpRty'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, xeJDNmn5vFnq5m05Ir.csHigh entropy of concatenated method names: 'dlsplmLqeO', 'HSKpvyceDP', 'Ytxp6VW7RI', 'WmrpDkMcS3', 'xfypfoVZXr', 'Oc6pqhCyDh', 'SCipJcmBID', 'YIFp7GonWV', 'GAIpEkbBiZ', 'O9apkKFTBH'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, rOI4W7mFmvvn99VeGTP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mHEXlihXcd', 'v1lXvwE0hG', 'vbmX6sKDHK', 'miaXD1YqHq', 'JhGXfMZTMB', 'nSWXqjx636', 'Y2rXJDZg7R'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, m83J8MTxS1ZKcPOHUa.csHigh entropy of concatenated method names: 'QHbI54e0xO', 'sUbIrNTtg5', 'GZgIbYigxr', 'fqaIMnZDWo', 'Ur0IPRN96A', 'FrWIiptko5', 'wcdIC5BwJl', 'z46InVQysK', 'zK7I2osK4a', 't1bI8xbqu5'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, CRMMPL8XkAh7E6r53v.csHigh entropy of concatenated method names: 'nWlgPEGbER', 'RPAgCE3KCC', 'fJedZdb0l7', 'dh4dtc7NKV', 'ktPdwteT5F', 'IJyd3e90ut', 'b3XdSDT3JI', 'JxBdhrRJ6V', 'c0DdTOEaPp', 'BnldVl4rSi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, qBiop3EZOPUUCpotc4.csHigh entropy of concatenated method names: 'nUqjWDZevi', 'vSGjKHB6o7', 'CoZjZBCKAE', 'hHvjtdrPkH', 'GWZjlbG7ZV', 'oO3jwcGnXL', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, LUAdTrajonWvL0slvt.csHigh entropy of concatenated method names: 'YAYbxV83d', 'PvtMl9bPS', 'qICi4bp7g', 'QXECRGyqw', 'tKU2J9KFO', 'gBQ8mfFBy', 'DZP7f96cHfdIN5Jr7D', 'wDm3fDMbCKj1TxaV7O', 'pPWjbqYSh', 'mVBXWHBs1'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, M7aWaSljRveVJtPwFk.csHigh entropy of concatenated method names: 'zQOBVjGsQX', 'F7JBU92dE3', 'ARVBl6ulSd', 'RHXBvmrLMS', 'U6jBKLtpbT', 'TMDBZuhgbB', 'UyfBtQtfSu', 'qXZBwR3w93', 'ucrB3HOGjk', 'Hq2BSQ7IZx'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, knVx1Bz6CMnKUX5cnA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CdZe93lOwn', 'ASueBD1Y1p', 'MrdeuO9pWH', 'FVTec9OpOh', 'VEbejKvTb7', 'X9ieesXiTV', 'x6ueXpCpTO'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, BXtYAH4mVYBMT1ZQWM.csHigh entropy of concatenated method names: 'E1m9nj6Vi1', 'BwE92FxrGs', 'yeP9WOlolA', 'ujU9K7Npo6', 'a6E9tbYKVL', 'etM9wIvAmc', 'B5f9SOdHyD', 'GlH9hMakOg', 'kkZ9V3AvPx', 'yop9NJ8Eq7'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, DcE2VksIGQeKTtFMvr.csHigh entropy of concatenated method names: 'EZ5mIeJDNm', 'yvFmQnq5m0', 'HYDmO9mxUc', 'yp9mAsiRMM', 'Sr5mB3vtVb', 'ekDmu1iiJQ', 'wnObLRiCnxYZJxrjye', 'IaD7kDdbYJw0u1XumC', 'iOGmmbVf9C', 'BUBmFS3FkR'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, fctGGmmmiLIvsbDALAh.csHigh entropy of concatenated method names: 'ToString', 'Kx1XFVJH9d', 'DDiXsZEBGF', 'XPGX0IVUwe', 'sSSXYG15DC', 'dNZXpaPNAi', 'FnfXdGXPE5', 'W9eXgMmy8o', 'uitlmdPvbQrbnASL2iu', 'kaJkIRPqpnU8c1L45Fi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, IVb0kDW1iiJQ9Zget1.csHigh entropy of concatenated method names: 'uZA108Eqlo', 'RJ61pKRYbo', 'EQW1gX0uPA', 'aEm1I54Wfd', 'RhG1Q9kZEA', 'rwIgfxPdPf', 'YIEgqcYIGN', 'LJKgJAvFdk', 'AQQg7FbxlO', 'R5WgEYsFtE'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, UA81hZ2YD9mxUc5p9s.csHigh entropy of concatenated method names: 'f5bdMvPiWf', 'TwvdiQyEIN', 'aH3dnNvv24', 'uHyd2Ix3fs', 'S0rdBDKgRn', 'yG9dupA493', 'V36dcDwqdY', 'POFdjNvXIw', 'qnKdeTqsOj', 'vfXdXqOGv2'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xhim2i6KVeHSP8fHDK.csHigh entropy of concatenated method names: 'ToString', 'GJvuNflQj8', 'nuVuKQe2gl', 'o5iuZ4WZTs', 'hNuutFxQOU', 'zaguwF7i9G', 'vwxu3KgamO', 's0NuSJyfoa', 'taNuhfTUX5', 'CdxuTqvqrN'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, TjhCvFpqyq5lfJSyHj.csHigh entropy of concatenated method names: 'Dispose', 'L6qmEtFtGd', 'sNNaKWssQv', 'NcR33oWaKr', 'MGxmkg7cUr', 'NvWmzPZ1eW', 'ProcessDialogKey', 'CHcaoBiop3', 'HOPamUUCpo', 'Ic4aadLqaI'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xufBPyQ5f47fSODTF0.csHigh entropy of concatenated method names: 'PvSF0K8IkJ', 'ROhFYLivlU', 'wjbFp7Uqjo', 'OBSFdI3BEf', 'vBLFgP6s6Y', 'goRF1Nr4Rq', 'R6rFIma5aX', 'YmlFQiFfpK', 'HucFLbrnwX', 'hsiFO2EvQa'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, wxg7cU7rVvWPZ1eWiH.csHigh entropy of concatenated method names: 'PeOjYU6Fik', 'RM5jpiGU9k', 'CNejdsYRft', 'jSxjgH0ZvS', 'lSMj1lB8a5', 'jWWjIhGsrd', 'mufjQ1LEo4', 'RvUjLyeL3D', 'pWmjOIh0FX', 'hr7jAfIlDP'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, B67YpGmoCDolABiLmaZ.csHigh entropy of concatenated method names: 'X1Ke5KnFCT', 'DXXerj1GY3', 'FRBebVK6Js', 'OPAeMxMjtf', 'XUZePPYWt0', 'YEheiLK39r', 'vOTeC3BOvv', 'xt6enHd9OY', 'fdGe2xajtt', 'fFHe8mZST6'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, hLqaIgk9m7qHwPKJrY.csHigh entropy of concatenated method names: 'biWemIfelN', 'oMHeFQuNd6', 'YMIessT0rm', 'WlteYgtqoZ', 'Mu0epLtj0l', 'm64eg2UuZh', 'ykZe1YgsCW', 'TD2jJElC9q', 'LV8j7vbPaw', 'CynjE8wSQJ'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xEpcpRq15xgnIyWBcp.csHigh entropy of concatenated method names: 'P32c7qeyaA', 'eIDck7rfsa', 'ekpjoxksHl', 'x9cjmJqob4', 'zHgcNQ0Nok', 'xJZcUxwZx3', 'Ekrc4gJgCZ', 'eE3clyCX1L', 'zkTcvLMkvK', 'IOEc66NjyY'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, DP9yi9SP1HS778srhs.csHigh entropy of concatenated method names: 'vxkIY0NNfe', 'hAOIdow16Y', 'TY0I1CcYl4', 'ehE1k5bNGD', 'x3r1znsqlY', 'y32IorNcrQ', 'ucqImKFBEE', 'd3SIaocG3P', 'R3gIFxEwMs', 'ao7IshpRty'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, xeJDNmn5vFnq5m05Ir.csHigh entropy of concatenated method names: 'dlsplmLqeO', 'HSKpvyceDP', 'Ytxp6VW7RI', 'WmrpDkMcS3', 'xfypfoVZXr', 'Oc6pqhCyDh', 'SCipJcmBID', 'YIFp7GonWV', 'GAIpEkbBiZ', 'O9apkKFTBH'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, rOI4W7mFmvvn99VeGTP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mHEXlihXcd', 'v1lXvwE0hG', 'vbmX6sKDHK', 'miaXD1YqHq', 'JhGXfMZTMB', 'nSWXqjx636', 'Y2rXJDZg7R'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, m83J8MTxS1ZKcPOHUa.csHigh entropy of concatenated method names: 'QHbI54e0xO', 'sUbIrNTtg5', 'GZgIbYigxr', 'fqaIMnZDWo', 'Ur0IPRN96A', 'FrWIiptko5', 'wcdIC5BwJl', 'z46InVQysK', 'zK7I2osK4a', 't1bI8xbqu5'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, CRMMPL8XkAh7E6r53v.csHigh entropy of concatenated method names: 'nWlgPEGbER', 'RPAgCE3KCC', 'fJedZdb0l7', 'dh4dtc7NKV', 'ktPdwteT5F', 'IJyd3e90ut', 'b3XdSDT3JI', 'JxBdhrRJ6V', 'c0DdTOEaPp', 'BnldVl4rSi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, qBiop3EZOPUUCpotc4.csHigh entropy of concatenated method names: 'nUqjWDZevi', 'vSGjKHB6o7', 'CoZjZBCKAE', 'hHvjtdrPkH', 'GWZjlbG7ZV', 'oO3jwcGnXL', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, LUAdTrajonWvL0slvt.csHigh entropy of concatenated method names: 'YAYbxV83d', 'PvtMl9bPS', 'qICi4bp7g', 'QXECRGyqw', 'tKU2J9KFO', 'gBQ8mfFBy', 'DZP7f96cHfdIN5Jr7D', 'wDm3fDMbCKj1TxaV7O', 'pPWjbqYSh', 'mVBXWHBs1'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, M7aWaSljRveVJtPwFk.csHigh entropy of concatenated method names: 'zQOBVjGsQX', 'F7JBU92dE3', 'ARVBl6ulSd', 'RHXBvmrLMS', 'U6jBKLtpbT', 'TMDBZuhgbB', 'UyfBtQtfSu', 'qXZBwR3w93', 'ucrB3HOGjk', 'Hq2BSQ7IZx'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, knVx1Bz6CMnKUX5cnA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CdZe93lOwn', 'ASueBD1Y1p', 'MrdeuO9pWH', 'FVTec9OpOh', 'VEbejKvTb7', 'X9ieesXiTV', 'x6ueXpCpTO'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, BXtYAH4mVYBMT1ZQWM.csHigh entropy of concatenated method names: 'E1m9nj6Vi1', 'BwE92FxrGs', 'yeP9WOlolA', 'ujU9K7Npo6', 'a6E9tbYKVL', 'etM9wIvAmc', 'B5f9SOdHyD', 'GlH9hMakOg', 'kkZ9V3AvPx', 'yop9NJ8Eq7'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, DcE2VksIGQeKTtFMvr.csHigh entropy of concatenated method names: 'EZ5mIeJDNm', 'yvFmQnq5m0', 'HYDmO9mxUc', 'yp9mAsiRMM', 'Sr5mB3vtVb', 'ekDmu1iiJQ', 'wnObLRiCnxYZJxrjye', 'IaD7kDdbYJw0u1XumC', 'iOGmmbVf9C', 'BUBmFS3FkR'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, fctGGmmmiLIvsbDALAh.csHigh entropy of concatenated method names: 'ToString', 'Kx1XFVJH9d', 'DDiXsZEBGF', 'XPGX0IVUwe', 'sSSXYG15DC', 'dNZXpaPNAi', 'FnfXdGXPE5', 'W9eXgMmy8o', 'uitlmdPvbQrbnASL2iu', 'kaJkIRPqpnU8c1L45Fi'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, IVb0kDW1iiJQ9Zget1.csHigh entropy of concatenated method names: 'uZA108Eqlo', 'RJ61pKRYbo', 'EQW1gX0uPA', 'aEm1I54Wfd', 'RhG1Q9kZEA', 'rwIgfxPdPf', 'YIEgqcYIGN', 'LJKgJAvFdk', 'AQQg7FbxlO', 'R5WgEYsFtE'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, UA81hZ2YD9mxUc5p9s.csHigh entropy of concatenated method names: 'f5bdMvPiWf', 'TwvdiQyEIN', 'aH3dnNvv24', 'uHyd2Ix3fs', 'S0rdBDKgRn', 'yG9dupA493', 'V36dcDwqdY', 'POFdjNvXIw', 'qnKdeTqsOj', 'vfXdXqOGv2'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xhim2i6KVeHSP8fHDK.csHigh entropy of concatenated method names: 'ToString', 'GJvuNflQj8', 'nuVuKQe2gl', 'o5iuZ4WZTs', 'hNuutFxQOU', 'zaguwF7i9G', 'vwxu3KgamO', 's0NuSJyfoa', 'taNuhfTUX5', 'CdxuTqvqrN'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, TjhCvFpqyq5lfJSyHj.csHigh entropy of concatenated method names: 'Dispose', 'L6qmEtFtGd', 'sNNaKWssQv', 'NcR33oWaKr', 'MGxmkg7cUr', 'NvWmzPZ1eW', 'ProcessDialogKey', 'CHcaoBiop3', 'HOPamUUCpo', 'Ic4aadLqaI'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xufBPyQ5f47fSODTF0.csHigh entropy of concatenated method names: 'PvSF0K8IkJ', 'ROhFYLivlU', 'wjbFp7Uqjo', 'OBSFdI3BEf', 'vBLFgP6s6Y', 'goRF1Nr4Rq', 'R6rFIma5aX', 'YmlFQiFfpK', 'HucFLbrnwX', 'hsiFO2EvQa'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, wxg7cU7rVvWPZ1eWiH.csHigh entropy of concatenated method names: 'PeOjYU6Fik', 'RM5jpiGU9k', 'CNejdsYRft', 'jSxjgH0ZvS', 'lSMj1lB8a5', 'jWWjIhGsrd', 'mufjQ1LEo4', 'RvUjLyeL3D', 'pWmjOIh0FX', 'hr7jAfIlDP'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, B67YpGmoCDolABiLmaZ.csHigh entropy of concatenated method names: 'X1Ke5KnFCT', 'DXXerj1GY3', 'FRBebVK6Js', 'OPAeMxMjtf', 'XUZePPYWt0', 'YEheiLK39r', 'vOTeC3BOvv', 'xt6enHd9OY', 'fdGe2xajtt', 'fFHe8mZST6'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, hLqaIgk9m7qHwPKJrY.csHigh entropy of concatenated method names: 'biWemIfelN', 'oMHeFQuNd6', 'YMIessT0rm', 'WlteYgtqoZ', 'Mu0epLtj0l', 'm64eg2UuZh', 'ykZe1YgsCW', 'TD2jJElC9q', 'LV8j7vbPaw', 'CynjE8wSQJ'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xEpcpRq15xgnIyWBcp.csHigh entropy of concatenated method names: 'P32c7qeyaA', 'eIDck7rfsa', 'ekpjoxksHl', 'x9cjmJqob4', 'zHgcNQ0Nok', 'xJZcUxwZx3', 'Ekrc4gJgCZ', 'eE3clyCX1L', 'zkTcvLMkvK', 'IOEc66NjyY'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, DP9yi9SP1HS778srhs.csHigh entropy of concatenated method names: 'vxkIY0NNfe', 'hAOIdow16Y', 'TY0I1CcYl4', 'ehE1k5bNGD', 'x3r1znsqlY', 'y32IorNcrQ', 'ucqImKFBEE', 'd3SIaocG3P', 'R3gIFxEwMs', 'ao7IshpRty'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, xeJDNmn5vFnq5m05Ir.csHigh entropy of concatenated method names: 'dlsplmLqeO', 'HSKpvyceDP', 'Ytxp6VW7RI', 'WmrpDkMcS3', 'xfypfoVZXr', 'Oc6pqhCyDh', 'SCipJcmBID', 'YIFp7GonWV', 'GAIpEkbBiZ', 'O9apkKFTBH'
                    Source: 0.2.HmGUCvTQIacWu7Q.exe.7ee0000.7.raw.unpack, rOI4W7mFmvvn99VeGTP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mHEXlihXcd', 'v1lXvwE0hG', 'vbmX6sKDHK', 'miaXD1YqHq', 'JhGXfMZTMB', 'nSWXqjx636', 'Y2rXJDZg7R'
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7300, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 2520000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 2770000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 2590000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 5B30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 6B30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 6C70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 7C70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 7F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 8F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 9F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: AF90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 1380000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 30E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWindow / User API: threadDelayed 833Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWindow / User API: threadDelayed 8986Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7320Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep count: 33 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7448Thread sleep count: 833 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7448Thread sleep count: 8986 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99766s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99657s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep count: 38 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99532s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99422s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99313s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -99063s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98813s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98469s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -98110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -97110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -96110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -95110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -94110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe TID: 7440Thread sleep time: -93985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99875Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99766Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99657Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99532Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99422Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99313Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99188Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 99063Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98938Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98813Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98703Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98594Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98469Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98360Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98235Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 98110Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97985Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97860Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97735Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97610Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97485Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97360Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97235Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 97110Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96985Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96860Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96735Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96610Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96485Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96360Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96235Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 96110Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95985Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95860Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95735Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95610Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95485Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95360Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95235Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 95110Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94985Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94860Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94735Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94610Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94485Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94360Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94235Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 94110Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeThread delayed: delay time: 93985Jump to behavior
                    Source: HmGUCvTQIacWu7Q.exe, 00000001.00000002.2929111588.000000000145E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeMemory written: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeProcess created: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe "C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000001.00000002.2930390277.000000000312E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2930390277.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7300, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7336, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2930390277.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7300, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7336, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.HmGUCvTQIacWu7Q.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.37b9dc8.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.45c53b8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.4521398.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.HmGUCvTQIacWu7Q.exe.447d378.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000001.00000002.2930390277.000000000312E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2930390277.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7300, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: HmGUCvTQIacWu7Q.exe PID: 7336, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		111
                    Process Injection                    		1
                    Masquerading                    		2
                    OS Credential Dumping                    		111
                    Security Software Discovery                    		Remote Services1
                    Email Collection                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts2
                    Command and Scripting Interpreter                    		Boot or Logon Initialization Scripts1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		1
                    Input Capture                    		1
                    Process Discovery                    		Remote Desktop Protocol1
                    Input Capture                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)141
                    Virtualization/Sandbox Evasion                    		1
                    Credentials in Registry                    		141
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin Shares11
                    Archive Collected Data                    		1
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object Model2
                    Data from Local System                    		11
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                    Obfuscated Files or Information                    		Cached Domain Credentials24
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    HmGUCvTQIacWu7Q.exe32%ReversingLabs
                    HmGUCvTQIacWu7Q.exe30%VirustotalBrowse
                    HmGUCvTQIacWu7Q.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://tempuri.org/x.xsd?MultiGames.Properties.Resources2%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    us2.smtp.mailhostbox.com
                    		208.91.199.223
                    		truefalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://tempuri.org/x.xsd?MultiGames.Properties.ResourcesHmGUCvTQIacWu7Q.exefalseunknown
                      https://account.dyn.com/HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, HmGUCvTQIacWu7Q.exe, 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, HmGUCvTQIacWu7Q.exe, 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                        		high
                        http://us2.smtp.mailhostbox.comHmGUCvTQIacWu7Q.exe, 00000001.00000002.2930390277.0000000003136000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://github.com/zuppao).HmGUCvTQIacWu7Q.exefalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            208.91.198.143
                            		unknownUnited States
                            		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                            208.91.199.225
                            		unknownUnited States
                            		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                            208.91.199.223
                            		us2.smtp.mailhostbox.comUnited States
                            		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                            208.91.199.224
                            		unknownUnited States
                            		394695PUBLIC-DOMAIN-REGISTRYUSfalse

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1428649
                            Start date and time:2024-04-19 11:12:08 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 49s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:HmGUCvTQIacWu7Q.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@3/1@1/4
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 163
                            • Number of non-executed functions: 36
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            11:12:59API Interceptor544911x Sleep call for process: HmGUCvTQIacWu7Q.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            208.91.198.143Payment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                              Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                  CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                    PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                      rks18.docGet hashmaliciousAgentTeslaBrowse
                                        PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                          DHL 0028374.exeGet hashmaliciousAgentTeslaBrowse
                                            J2TDUpZm2s.exeGet hashmaliciousAgentTeslaBrowse
                                              J1odVFynAz.exeGet hashmaliciousAgentTeslaBrowse
                                                208.91.199.225Payment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                  Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                    Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                      CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                        PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                          rks18.docGet hashmaliciousAgentTeslaBrowse
                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                              DHL 0028374.exeGet hashmaliciousAgentTeslaBrowse
                                                                J2TDUpZm2s.exeGet hashmaliciousAgentTeslaBrowse
                                                                  J1odVFynAz.exeGet hashmaliciousAgentTeslaBrowse
                                                                    208.91.199.223Payment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                      Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                        Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                          CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                              rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  DHL 0028374.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    J2TDUpZm2s.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      J1odVFynAz.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        208.91.199.224Payment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                          Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                  rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                    PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                      DHL 0028374.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        J2TDUpZm2s.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          J1odVFynAz.exeGet hashmaliciousAgentTeslaBrowse

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            us2.smtp.mailhostbox.comPayment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                            • 208.91.198.143
                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.198.143
                                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.223
                                                                                                            CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.198.143
                                                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.225
                                                                                                            rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.225
                                                                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            DHL 0028374.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.223
                                                                                                            J2TDUpZm2s.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.198.143
                                                                                                            J1odVFynAz.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.225

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            PUBLIC-DOMAIN-REGISTRYUSPayment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            F723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • 116.206.104.215
                                                                                                            CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            order 4500381478001.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 162.215.248.214
                                                                                                            Bill-Transcript_6ZB6-IJYD3B-SEH0.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 45.113.122.212
                                                                                                            rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PUBLIC-DOMAIN-REGISTRYUSPayment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            F723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • 116.206.104.215
                                                                                                            CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            order 4500381478001.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 162.215.248.214
                                                                                                            Bill-Transcript_6ZB6-IJYD3B-SEH0.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 45.113.122.212
                                                                                                            rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PUBLIC-DOMAIN-REGISTRYUSPayment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            F723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • 116.206.104.215
                                                                                                            CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            order 4500381478001.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 162.215.248.214
                                                                                                            Bill-Transcript_6ZB6-IJYD3B-SEH0.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 45.113.122.212
                                                                                                            rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PUBLIC-DOMAIN-REGISTRYUSPayment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            Syknivkloo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            F723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • 116.206.104.215
                                                                                                            CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PURCHASE ORDER -HDPESD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            order 4500381478001.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 162.215.248.214
                                                                                                            Bill-Transcript_6ZB6-IJYD3B-SEH0.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 45.113.122.212
                                                                                                            rks18.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224
                                                                                                            PayFmc6FL4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 208.91.199.224

                                                                                                            JA3 Fingerprints

                                                                                                            No context

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HmGUCvTQIacWu7Q.exe.log

                                                                                                            Download File
                                                                                                            Process:C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1216
                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                            Malicious:false
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.312246160292827
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                            File name:HmGUCvTQIacWu7Q.exe
                                                                                                            File size:1'031'680 bytes
                                                                                                            MD5:ff1d0766297fb6e6aad3dc1008559378
                                                                                                            SHA1:73feaee0551ae5e811933319cfdaf0bb4d8b457b
                                                                                                            SHA256:5411cdb506aeb34244854a919278dd88877f92e0a97561aa50d11d8b0dfb86b8
                                                                                                            SHA512:942b328054d8e10576fe716d6eb32148b4ca656944dc057b232e190ba241495a450e5cff706d0f3083d44a2de9e70f4ee7349b2678af0f959a0338b7c95a2f8a
                                                                                                            SSDEEP:24576:A2llb+23cUxsRq4pyzJXYiZYsPrKIhICqnML:PllL2zMJ5K0IB
                                                                                                            TLSH:5825E23D1CBE2A3B91B6C6AACFE98467F040D07B39116D7694D383A58346A9375C313E
                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."f..............0.................. ........@.. ....................... ............@................................

                                                                                                            File Icon

                                                                                                            Icon Hash:90cececece8e8eb0

                                                                                                            Static PE Info

                                                                                                            General

                                                                                                            Entrypoint:0x4fd212
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:false
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                            Time Stamp:0x66221DF1 [Fri Apr 19 07:32:01 2024 UTC]
                                                                                                            TLS Callbacks:
                                                                                                            CLR (.Net) Version:
                                                                                                            OS Version Major:4
                                                                                                            OS Version Minor:0
                                                                                                            File Version Major:4
                                                                                                            File Version Minor:0
                                                                                                            Subsystem Version Major:4
                                                                                                            Subsystem Version Minor:0
                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                            Entrypoint Preview

                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al
                                                                                                            add byte ptr [eax], al

                                                                                                            Data Directories

                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xfd1c00x4f.text
                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xfe0000x5f0.rsrc
                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1000000xc.reloc
                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xfb4fc0x54.text
                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                            Sections

                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                            .text0x20000xfb2180xfb400b29c28bbaf3426e0c8083712d88e76d2False0.7935527440920398data7.317850727657374IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                            .rsrc0xfe0000x5f00x6001342cf6ea2113f5f4a953ca71fce9c4eFalse0.4388020833333333data4.183722976862183IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                            .reloc0x1000000xc0x20016c483589f731cde6984d38c605e2090False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                            Resources

                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                            RT_VERSION0xfe0900x360data0.4363425925925926
                                                                                                            RT_MANIFEST0xfe4000x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                            Imports

                                                                                                            DLLImport
                                                                                                            mscoree.dll_CorExeMain

                                                                                                            Network Behavior

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Apr 19, 2024 11:13:02.491861105 CEST49730587192.168.2.4208.91.199.223
                                                                                                            Apr 19, 2024 11:13:03.493516922 CEST49730587192.168.2.4208.91.199.223
                                                                                                            Apr 19, 2024 11:13:05.493530035 CEST49730587192.168.2.4208.91.199.223
                                                                                                            Apr 19, 2024 11:13:09.493401051 CEST49730587192.168.2.4208.91.199.223
                                                                                                            Apr 19, 2024 11:13:17.493437052 CEST49730587192.168.2.4208.91.199.223
                                                                                                            Apr 19, 2024 11:13:23.496257067 CEST49730587192.168.2.4208.91.198.143
                                                                                                            Apr 19, 2024 11:13:24.493498087 CEST49730587192.168.2.4208.91.198.143
                                                                                                            Apr 19, 2024 11:13:26.493463039 CEST49730587192.168.2.4208.91.198.143
                                                                                                            Apr 19, 2024 11:13:30.493457079 CEST49730587192.168.2.4208.91.198.143
                                                                                                            Apr 19, 2024 11:13:38.493536949 CEST49730587192.168.2.4208.91.198.143
                                                                                                            Apr 19, 2024 11:13:44.493949890 CEST49730587192.168.2.4208.91.199.224
                                                                                                            Apr 19, 2024 11:13:45.493561983 CEST49730587192.168.2.4208.91.199.224
                                                                                                            Apr 19, 2024 11:13:47.493550062 CEST49730587192.168.2.4208.91.199.224
                                                                                                            Apr 19, 2024 11:13:51.493535042 CEST49730587192.168.2.4208.91.199.224
                                                                                                            Apr 19, 2024 11:13:59.493504047 CEST49730587192.168.2.4208.91.199.224
                                                                                                            Apr 19, 2024 11:14:05.493942022 CEST49730587192.168.2.4208.91.199.225
                                                                                                            Apr 19, 2024 11:14:06.509217024 CEST49730587192.168.2.4208.91.199.225
                                                                                                            Apr 19, 2024 11:14:08.524785995 CEST49730587192.168.2.4208.91.199.225
                                                                                                            Apr 19, 2024 11:14:12.540592909 CEST49730587192.168.2.4208.91.199.225
                                                                                                            Apr 19, 2024 11:14:20.556094885 CEST49730587192.168.2.4208.91.199.225

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Apr 19, 2024 11:13:02.375554085 CEST5574653192.168.2.41.1.1.1
                                                                                                            Apr 19, 2024 11:13:02.482995033 CEST53557461.1.1.1192.168.2.4

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                            Apr 19, 2024 11:13:02.375554085 CEST192.168.2.41.1.1.10xb698Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)false

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                            Apr 19, 2024 11:13:02.482995033 CEST1.1.1.1192.168.2.40xb698No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                                            Apr 19, 2024 11:13:02.482995033 CEST1.1.1.1192.168.2.40xb698No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                                            Apr 19, 2024 11:13:02.482995033 CEST1.1.1.1192.168.2.40xb698No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                                            Apr 19, 2024 11:13:02.482995033 CEST1.1.1.1192.168.2.40xb698No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false

                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:11:12:59
                                                                                                            Start date:19/04/2024
                                                                                                            Path:C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"
                                                                                                            Imagebase:0x320000
                                                                                                            File size:1'031'680 bytes
                                                                                                            MD5 hash:FF1D0766297FB6E6AAD3DC1008559378
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1688788838.0000000003779000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1688788838.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:1
                                                                                                            Start time:11:13:00
                                                                                                            Start date:19/04/2024
                                                                                                            Path:C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\HmGUCvTQIacWu7Q.exe"
                                                                                                            Imagebase:0xc30000
                                                                                                            File size:1'031'680 bytes
                                                                                                            MD5 hash:FF1D0766297FB6E6AAD3DC1008559378
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2930390277.000000000312E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2928337569.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2930390277.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2930390277.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Disassembly

                                                                                                            Reset < >

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:8.7%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0.9%
                                                                                                              Total number of Nodes:327
                                                                                                              Total number of Limit Nodes:13
                                                                                                              execution_graph 45657 259b4d8 45658 259b698 45657->45658 45659 259b4fe 45657->45659 45660 259b663 45659->45660 45662 2597a00 45659->45662 45663 259bb60 PostMessageW 45662->45663 45664 259bbcc 45663->45664 45664->45659 45665 259c698 45666 259c6c0 45665->45666 45667 259c6b6 45665->45667 45670 259c6ff 45667->45670 45675 259c700 45667->45675 45671 259c70e 45670->45671 45674 259c72d 45670->45674 45680 259ba38 45671->45680 45674->45666 45676 259c70e 45675->45676 45679 259c72d 45675->45679 45677 259ba38 FindCloseChangeNotification 45676->45677 45678 259c729 45677->45678 45678->45666 45679->45666 45681 259c878 FindCloseChangeNotification 45680->45681 45682 259c729 45681->45682 45682->45666 45947 24dd01c 45948 24dd034 45947->45948 45949 24dd08e 45948->45949 45954 4cc2bb0 45948->45954 45963 4cc2c17 45948->45963 45972 4cc0ad4 45948->45972 45981 4cc2bb3 45948->45981 45955 4cc2c18 45954->45955 45956 4cc2c79 45955->45956 45958 4cc2c69 45955->45958 46006 4cc0bfc 45956->46006 45990 4cc2e6c 45958->45990 45996 4cc2da0 45958->45996 46001 4cc2d9f 45958->46001 45959 4cc2c77 45959->45959 45965 4cc2c20 45963->45965 45964 4cc2c79 45966 4cc0bfc CallWindowProcW 45964->45966 45965->45964 45967 4cc2c69 45965->45967 45968 4cc2c77 45966->45968 45969 4cc2e6c CallWindowProcW 45967->45969 45970 4cc2d9f CallWindowProcW 45967->45970 45971 4cc2da0 CallWindowProcW 45967->45971 45969->45968 45970->45968 45971->45968 45975 4cc0adf 45972->45975 45973 4cc2c79 45974 4cc0bfc CallWindowProcW 45973->45974 45977 4cc2c77 45974->45977 45975->45973 45976 4cc2c69 45975->45976 45978 4cc2e6c CallWindowProcW 45976->45978 45979 4cc2d9f CallWindowProcW 45976->45979 45980 4cc2da0 CallWindowProcW 45976->45980 45977->45977 45978->45977 45979->45977 45980->45977 45983 4cc2c20 45981->45983 45982 4cc2c79 45984 4cc0bfc CallWindowProcW 45982->45984 45983->45982 45985 4cc2c69 45983->45985 45986 4cc2c77 45984->45986 45987 4cc2e6c CallWindowProcW 45985->45987 45988 4cc2d9f CallWindowProcW 45985->45988 45989 4cc2da0 CallWindowProcW 45985->45989 45987->45986 45988->45986 45989->45986 45991 4cc2e2a 45990->45991 45992 4cc2e7a 45990->45992 46010 4cc2e58 45991->46010 46013 4cc2e47 45991->46013 45993 4cc2e40 45993->45959 45998 4cc2db4 45996->45998 45997 4cc2e40 45997->45959 45999 4cc2e58 CallWindowProcW 45998->45999 46000 4cc2e47 CallWindowProcW 45998->46000 45999->45997 46000->45997 46002 4cc2db4 46001->46002 46004 4cc2e58 CallWindowProcW 46002->46004 46005 4cc2e47 CallWindowProcW 46002->46005 46003 4cc2e40 46003->45959 46004->46003 46005->46003 46007 4cc0c07 46006->46007 46008 4cc435a CallWindowProcW 46007->46008 46009 4cc4309 46007->46009 46008->46009 46009->45959 46011 4cc2e69 46010->46011 46016 4cc429f 46010->46016 46011->45993 46014 4cc2e69 46013->46014 46015 4cc429f CallWindowProcW 46013->46015 46014->45993 46015->46014 46017 4cc0bfc CallWindowProcW 46016->46017 46018 4cc42aa 46017->46018 46018->46011 45683 259995a 45688 259a2c1 45683->45688 45705 259a336 45683->45705 45723 259a2d0 45683->45723 45684 2599969 45689 259a2c4 45688->45689 45696 259a2f2 45689->45696 45740 259a72b 45689->45740 45745 259a812 45689->45745 45750 259aa33 45689->45750 45755 259b15e 45689->45755 45759 259aadb 45689->45759 45764 259b178 45689->45764 45768 259a958 45689->45768 45773 259aa47 45689->45773 45777 259ad27 45689->45777 45781 259a922 45689->45781 45787 259ae03 45689->45787 45792 259a8e3 45689->45792 45797 259a6a3 45689->45797 45802 259a6c1 45689->45802 45696->45684 45706 259a2c4 45705->45706 45708 259a339 45705->45708 45707 259a2f2 45706->45707 45709 259a958 2 API calls 45706->45709 45710 259b178 2 API calls 45706->45710 45711 259aadb 2 API calls 45706->45711 45712 259b15e 2 API calls 45706->45712 45713 259aa33 2 API calls 45706->45713 45714 259a812 2 API calls 45706->45714 45715 259a72b 2 API calls 45706->45715 45716 259a6c1 2 API calls 45706->45716 45717 259a6a3 2 API calls 45706->45717 45718 259a8e3 2 API calls 45706->45718 45719 259ae03 2 API calls 45706->45719 45720 259a922 4 API calls 45706->45720 45721 259ad27 2 API calls 45706->45721 45722 259aa47 2 API calls 45706->45722 45707->45684 45708->45684 45709->45707 45710->45707 45711->45707 45712->45707 45713->45707 45714->45707 45715->45707 45716->45707 45717->45707 45718->45707 45719->45707 45720->45707 45721->45707 45722->45707 45724 259a2ea 45723->45724 45725 259a958 2 API calls 45724->45725 45726 259b178 2 API calls 45724->45726 45727 259aadb 2 API calls 45724->45727 45728 259b15e 2 API calls 45724->45728 45729 259aa33 2 API calls 45724->45729 45730 259a812 2 API calls 45724->45730 45731 259a2f2 45724->45731 45732 259a72b 2 API calls 45724->45732 45733 259a6c1 2 API calls 45724->45733 45734 259a6a3 2 API calls 45724->45734 45735 259a8e3 2 API calls 45724->45735 45736 259ae03 2 API calls 45724->45736 45737 259a922 4 API calls 45724->45737 45738 259ad27 2 API calls 45724->45738 45739 259aa47 2 API calls 45724->45739 45725->45731 45726->45731 45727->45731 45728->45731 45729->45731 45730->45731 45731->45684 45732->45731 45733->45731 45734->45731 45735->45731 45736->45731 45737->45731 45738->45731 45739->45731 45741 259a6a7 45740->45741 45807 259950c 45741->45807 45811 2599518 45741->45811 45746 259aaf9 45745->45746 45815 259b490 45746->45815 45820 259b480 45746->45820 45747 259a7fc 45747->45696 45751 259aa40 45750->45751 45753 259b490 2 API calls 45751->45753 45754 259b480 2 API calls 45751->45754 45752 259a7fc 45752->45696 45753->45752 45754->45752 45756 259b0a9 45755->45756 45833 259928c 45756->45833 45837 2599290 45756->45837 45760 259aae1 45759->45760 45762 259b490 2 API calls 45760->45762 45763 259b480 2 API calls 45760->45763 45761 259a7fc 45761->45696 45762->45761 45763->45761 45841 259937e 45764->45841 45845 2599380 45764->45845 45765 259b19a 45769 259a964 45768->45769 45771 259928c WriteProcessMemory 45769->45771 45772 2599290 WriteProcessMemory 45769->45772 45770 259ae9b 45771->45770 45772->45770 45849 2598cc0 45773->45849 45853 2598cb8 45773->45853 45774 259aa61 45774->45696 45779 259928c WriteProcessMemory 45777->45779 45780 2599290 WriteProcessMemory 45777->45780 45778 259a7c7 45778->45696 45779->45778 45780->45778 45857 25991c8 45781->45857 45861 25991d0 45781->45861 45782 259a940 45783 259928c WriteProcessMemory 45782->45783 45784 2599290 WriteProcessMemory 45782->45784 45783->45782 45784->45782 45788 259ae07 45787->45788 45790 2598cb8 Wow64SetThreadContext 45788->45790 45791 2598cc0 Wow64SetThreadContext 45788->45791 45789 259ae22 45789->45696 45789->45789 45790->45789 45791->45789 45793 259ae07 45792->45793 45795 2598cb8 Wow64SetThreadContext 45793->45795 45796 2598cc0 Wow64SetThreadContext 45793->45796 45794 259ae22 45794->45696 45794->45794 45795->45794 45796->45794 45798 259a6a7 45797->45798 45800 2599518 CreateProcessA 45798->45800 45801 259950c CreateProcessA 45798->45801 45799 259a79f 45799->45696 45800->45799 45801->45799 45803 259a6d3 45802->45803 45805 2599518 CreateProcessA 45803->45805 45806 259950c CreateProcessA 45803->45806 45804 259a79f 45804->45696 45805->45804 45806->45804 45808 25995a1 CreateProcessA 45807->45808 45810 2599763 45808->45810 45812 25995a1 CreateProcessA 45811->45812 45814 2599763 45812->45814 45816 259b4a5 45815->45816 45825 2598c08 45816->45825 45829 2598c10 45816->45829 45817 259b4b8 45817->45747 45821 259b4a5 45820->45821 45823 2598c08 ResumeThread 45821->45823 45824 2598c10 ResumeThread 45821->45824 45822 259b4b8 45822->45747 45823->45822 45824->45822 45826 2598c50 ResumeThread 45825->45826 45828 2598c81 45826->45828 45828->45817 45830 2598c50 ResumeThread 45829->45830 45832 2598c81 45830->45832 45832->45817 45834 25992d8 WriteProcessMemory 45833->45834 45836 259932f 45834->45836 45836->45756 45838 25992d8 WriteProcessMemory 45837->45838 45840 259932f 45838->45840 45840->45756 45842 25993cb ReadProcessMemory 45841->45842 45844 259940f 45842->45844 45844->45765 45846 25993cb ReadProcessMemory 45845->45846 45848 259940f 45846->45848 45848->45765 45850 2598d05 Wow64SetThreadContext 45849->45850 45852 2598d4d 45850->45852 45852->45774 45854 2598d05 Wow64SetThreadContext 45853->45854 45856 2598d4d 45854->45856 45856->45774 45858 2599210 VirtualAllocEx 45857->45858 45860 259924d 45858->45860 45860->45782 45862 2599210 VirtualAllocEx 45861->45862 45864 259924d 45862->45864 45864->45782 45865 4cc6cc8 45866 4cc6cf2 45865->45866 45869 4cc6b44 45866->45869 45868 4cc6d4d 45870 4cc6b4f 45869->45870 45871 4cc84cb 45870->45871 45873 2525c9c 45870->45873 45871->45868 45874 2525ca7 45873->45874 45876 2528653 45874->45876 45880 252ad00 45874->45880 45875 2528691 45875->45871 45876->45875 45884 252cdf0 45876->45884 45889 252cde1 45876->45889 45894 252ad27 45880->45894 45899 252ad38 45880->45899 45881 252ad16 45881->45876 45885 252ce11 45884->45885 45886 252ce35 45885->45886 45931 252cf9f 45885->45931 45935 252cfa0 45885->45935 45886->45875 45890 252ce11 45889->45890 45891 252ce35 45890->45891 45892 252cfa0 3 API calls 45890->45892 45893 252cf9f 3 API calls 45890->45893 45891->45875 45892->45891 45893->45891 45895 252ad38 45894->45895 45903 252ae30 45895->45903 45911 252ae21 45895->45911 45896 252ad47 45896->45881 45901 252ae30 2 API calls 45899->45901 45902 252ae21 2 API calls 45899->45902 45900 252ad47 45900->45881 45901->45900 45902->45900 45904 252ae41 45903->45904 45905 252ae64 45903->45905 45904->45905 45919 252b0c8 45904->45919 45923 252b0b9 45904->45923 45905->45896 45906 252ae5c 45906->45905 45907 252b068 GetModuleHandleW 45906->45907 45908 252b095 45907->45908 45908->45896 45912 252ae41 45911->45912 45913 252ae64 45911->45913 45912->45913 45917 252b0c8 LoadLibraryExW 45912->45917 45918 252b0b9 LoadLibraryExW 45912->45918 45913->45896 45914 252ae5c 45914->45913 45915 252b068 GetModuleHandleW 45914->45915 45916 252b095 45915->45916 45916->45896 45917->45914 45918->45914 45920 252b0dc 45919->45920 45921 252b101 45920->45921 45927 252a870 45920->45927 45921->45906 45924 252b0dc 45923->45924 45925 252b101 45924->45925 45926 252a870 LoadLibraryExW 45924->45926 45925->45906 45926->45925 45928 252b2a8 LoadLibraryExW 45927->45928 45930 252b321 45928->45930 45930->45921 45933 252cfad 45931->45933 45932 252cfe7 45932->45886 45933->45932 45939 252c8d8 45933->45939 45936 252cfad 45935->45936 45937 252cfe7 45936->45937 45938 252c8d8 3 API calls 45936->45938 45937->45886 45938->45937 45940 252c8dd 45939->45940 45941 252d8f8 45940->45941 45943 252ca04 45940->45943 45944 252ca0f 45943->45944 45945 2525c9c 3 API calls 45944->45945 45946 252d967 45945->45946 45946->45941 46019 252d0b8 46020 252d0fe 46019->46020 46024 252d287 46020->46024 46029 252d298 46020->46029 46021 252d1eb 46025 252d292 46024->46025 46028 252d24b 46024->46028 46027 252d2c6 46025->46027 46032 252c9a0 46025->46032 46027->46021 46028->46021 46030 252c9a0 DuplicateHandle 46029->46030 46031 252d2c6 46030->46031 46031->46021 46033 252d300 DuplicateHandle 46032->46033 46034 252d396 46033->46034 46034->46027 46035 2524668 46036 252467a 46035->46036 46037 2524686 46036->46037 46041 2524778 46036->46041 46046 2523e1c 46037->46046 46039 25246a5 46042 252479d 46041->46042 46050 2524878 46042->46050 46054 2524888 46042->46054 46047 2523e27 46046->46047 46062 2525c1c 46047->46062 46049 2526ff0 46049->46039 46052 2524888 46050->46052 46051 252498c 46052->46051 46058 252449c 46052->46058 46055 25248af 46054->46055 46056 252498c 46055->46056 46057 252449c CreateActCtxA 46055->46057 46056->46056 46057->46056 46059 2525918 CreateActCtxA 46058->46059 46061 25259db 46059->46061 46063 2525c27 46062->46063 46066 2525c3c 46063->46066 46065 2527095 46065->46049 46067 2525c47 46066->46067 46070 2525c6c 46067->46070 46069 252717a 46069->46065 46071 2525c77 46070->46071 46072 2525c9c 3 API calls 46071->46072 46073 252726d 46072->46073 46073->46069

                                                                                                              Executed Functions

                                                                                                              Function 04D94950 Relevance: 21.0, Strings: 16, Instructions: 983COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fiq$ fiq$ fiq$ fiq$ fiq$ fiq$Tedq$XXdq$XXdq$XXdq$XXdq$XXdq$l.dq$l.dq$$dq$$dq
                                                                                                              • API String ID: 0-2700996795
                                                                                                              • Opcode ID: e9f8708804e9c3c89f637d9fce69f99b890eed1d8ee743d3f8ee0ad9c0ab36f1
                                                                                                              • Instruction ID: 10f65d0aa25415cff8507a6fad968bd59bd64f316c641a4f868a54340289781e
                                                                                                              • Opcode Fuzzy Hash: e9f8708804e9c3c89f637d9fce69f99b890eed1d8ee743d3f8ee0ad9c0ab36f1
                                                                                                              • Instruction Fuzzy Hash: 6182CC31A05218EFCF118FA9D8546AEBBF2FF44300F15856AE485DB296D734ED42CBA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D977CA Relevance: 4.0, Strings: 3, Instructions: 217COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 1998 4d977ca-4d97813 1999 4d9781a-4d97890 1998->1999 2000 4d97815 1998->2000 2005 4d97893 1999->2005 2000->1999 2006 4d9789a-4d978b6 2005->2006 2007 4d978b8 2006->2007 2008 4d978bf-4d978c0 2006->2008 2007->2005 2009 4d97a0e-4d97a7e 2007->2009 2010 4d978c5-4d978da 2007->2010 2011 4d978dc-4d9791b 2007->2011 2012 4d979d1-4d979ed 2007->2012 2013 4d97920-4d97924 2007->2013 2014 4d97950-4d97962 2007->2014 2015 4d979f2-4d97a09 2007->2015 2016 4d97967-4d97991 2007->2016 2017 4d97996-4d979cc 2007->2017 2008->2009 2008->2010 2031 4d97a80 call 4d990dc 2009->2031 2032 4d97a80 call 4d98ae0 2009->2032 2033 4d97a80 call 4d995a3 2009->2033 2034 4d97a80 call 4d98ad2 2009->2034 2035 4d97a80 call 4d99064 2009->2035 2010->2006 2011->2006 2012->2006 2018 4d97937-4d9793e 2013->2018 2019 4d97926-4d97935 2013->2019 2014->2006 2015->2006 2016->2006 2017->2006 2021 4d97945-4d9794b 2018->2021 2019->2021 2021->2006 2030 4d97a86-4d97a90 2031->2030 2032->2030 2033->2030 2034->2030 2035->2030
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Tedq$Tedq$)"
                                                                                                              • API String ID: 0-1060934619
                                                                                                              • Opcode ID: cbe2672ad39d61cc21e7bc9a7f59a3f31fdb11a1515117ebfd56fee5c933561b
                                                                                                              • Instruction ID: b85651c60e5c846e895167f6b6d6224a471855ffd98ed0c39e76a92be9eaf7df
                                                                                                              • Opcode Fuzzy Hash: cbe2672ad39d61cc21e7bc9a7f59a3f31fdb11a1515117ebfd56fee5c933561b
                                                                                                              • Instruction Fuzzy Hash: 0091E474E052099FDB08CFAAC8916DEBBF2FF89300F14842AD415AB355E7349946CF64
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D977F0 Relevance: 4.0, Strings: 3, Instructions: 201COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2036 4d977f0-4d97813 2037 4d9781a-4d97890 2036->2037 2038 4d97815 2036->2038 2043 4d97893 2037->2043 2038->2037 2044 4d9789a-4d978b6 2043->2044 2045 4d978b8 2044->2045 2046 4d978bf-4d978c0 2044->2046 2045->2043 2047 4d97a0e-4d97a7e 2045->2047 2048 4d978c5-4d978da 2045->2048 2049 4d978dc-4d9791b 2045->2049 2050 4d979d1-4d979ed 2045->2050 2051 4d97920-4d97924 2045->2051 2052 4d97950-4d97962 2045->2052 2053 4d979f2-4d97a09 2045->2053 2054 4d97967-4d97991 2045->2054 2055 4d97996-4d979cc 2045->2055 2046->2047 2046->2048 2069 4d97a80 call 4d990dc 2047->2069 2070 4d97a80 call 4d98ae0 2047->2070 2071 4d97a80 call 4d995a3 2047->2071 2072 4d97a80 call 4d98ad2 2047->2072 2073 4d97a80 call 4d99064 2047->2073 2048->2044 2049->2044 2050->2044 2056 4d97937-4d9793e 2051->2056 2057 4d97926-4d97935 2051->2057 2052->2044 2053->2044 2054->2044 2055->2044 2059 4d97945-4d9794b 2056->2059 2057->2059 2059->2044 2068 4d97a86-4d97a90 2069->2068 2070->2068 2071->2068 2072->2068 2073->2068
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Tedq$Tedq$)"
                                                                                                              • API String ID: 0-1060934619
                                                                                                              • Opcode ID: ed04eee1f1098ce8f8f0445c0e3bb6f0a2da62480b6c4b0823210a230656f7cd
                                                                                                              • Instruction ID: 360c6eb96e0691bec497743b159bf0ed95cf30acc8dfb54eeedc1c6251f68558
                                                                                                              • Opcode Fuzzy Hash: ed04eee1f1098ce8f8f0445c0e3bb6f0a2da62480b6c4b0823210a230656f7cd
                                                                                                              • Instruction Fuzzy Hash: E781B374E102199FDB08CFAAC98469EBBF2FF89310F24942AD415AB354E734A945CF54
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D99903 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2582 4d99903-4d9997f 2583 4d99983-4d99989 2582->2583 2583->2583 2584 4d9998b-4d999b5 2583->2584 2585 4d999bc-4d999f8 2584->2585 2586 4d999b7 2584->2586 2656 4d999fa call 4d99fc1 2585->2656 2657 4d999fa call 4d99fd0 2585->2657 2586->2585 2588 4d99a00 2589 4d99a07-4d99a23 2588->2589 2590 4d99a2c-4d99a2d 2589->2590 2591 4d99a25 2589->2591 2604 4d99dbc-4d99dcf 2590->2604 2591->2588 2591->2590 2592 4d99c58-4d99c6c 2591->2592 2593 4d99b5a-4d99b66 2591->2593 2594 4d99d54-4d99d6b 2591->2594 2595 4d99b09-4d99b15 2591->2595 2596 4d99a4b-4d99a4f 2591->2596 2597 4d99d8c-4d99d90 2591->2597 2598 4d99ccf-4d99cef 2591->2598 2599 4d99bcf-4d99bef 2591->2599 2600 4d99c0e-4d99c12 2591->2600 2601 4d99b8e-4d99ba0 2591->2601 2602 4d99a78-4d99a84 2591->2602 2603 4d99d3d-4d99d4f 2591->2603 2591->2604 2605 4d99c3e-4d99c53 2591->2605 2606 4d99c71-4d99c7d 2591->2606 2607 4d99d70-4d99d87 2591->2607 2608 4d99a32-4d99a49 2591->2608 2609 4d99bf4-4d99c09 2591->2609 2610 4d99cf4-4d99d00 2591->2610 2611 4d99d2b-4d99d38 2591->2611 2612 4d99aaf-4d99ab8 2591->2612 2613 4d99ca5-4d99cb1 2591->2613 2614 4d99ba5-4d99bb1 2591->2614 2615 4d99ae4-4d99b04 2591->2615 2592->2589 2618 4d99b68 2593->2618 2619 4d99b6d-4d99b89 2593->2619 2594->2589 2634 4d99b1c-4d99b32 2595->2634 2635 4d99b17 2595->2635 2620 4d99a51-4d99a60 2596->2620 2621 4d99a62-4d99a69 2596->2621 2630 4d99da3-4d99daa 2597->2630 2631 4d99d92-4d99da1 2597->2631 2598->2589 2599->2589 2632 4d99c25-4d99c2c 2600->2632 2633 4d99c14-4d99c23 2600->2633 2601->2589 2626 4d99a8b-4d99aaa 2602->2626 2627 4d99a86 2602->2627 2603->2589 2605->2589 2636 4d99c7f 2606->2636 2637 4d99c84-4d99ca0 2606->2637 2607->2589 2608->2589 2609->2589 2622 4d99d02 2610->2622 2623 4d99d07-4d99d26 2610->2623 2611->2589 2628 4d99acb-4d99ad2 2612->2628 2629 4d99aba-4d99ac9 2612->2629 2616 4d99cb8-4d99cca 2613->2616 2617 4d99cb3 2613->2617 2624 4d99bb8-4d99bca 2614->2624 2625 4d99bb3 2614->2625 2615->2589 2616->2589 2617->2616 2618->2619 2619->2589 2641 4d99a70-4d99a76 2620->2641 2621->2641 2622->2623 2623->2589 2624->2589 2625->2624 2626->2589 2627->2626 2642 4d99ad9-4d99adf 2628->2642 2629->2642 2643 4d99db1-4d99db7 2630->2643 2631->2643 2639 4d99c33-4d99c39 2632->2639 2633->2639 2653 4d99b39-4d99b55 2634->2653 2654 4d99b34 2634->2654 2635->2634 2636->2637 2637->2589 2639->2589 2641->2589 2642->2589 2643->2589 2653->2589 2654->2653 2656->2588 2657->2588
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: tIh
                                                                                                              • API String ID: 0-443931868
                                                                                                              • Opcode ID: b88168f95fa431a05aa5a674e989cd845bb69ba8741c403300380b1b4a1ac439
                                                                                                              • Instruction ID: 957a2cbd1225be2d854bade599649f9ba202379377500acbe60515daa74b6eaf
                                                                                                              • Opcode Fuzzy Hash: b88168f95fa431a05aa5a674e989cd845bb69ba8741c403300380b1b4a1ac439
                                                                                                              • Instruction Fuzzy Hash: 84E148B0A0425ACFCB14CF99C8948AEFBB2FF89344B1195A9D451EB355D738E942CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D99990 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: tIh
                                                                                                              • API String ID: 0-443931868
                                                                                                              • Opcode ID: 92e587b5f4761ad87be574ecb585d5179f2b3444e74112cadb4ae0dc30dfb9cb
                                                                                                              • Instruction ID: 8c66d376a1105f18d60ccb937ebf9f5c2eb129603e491aaaf0d5f83999c424a2
                                                                                                              • Opcode Fuzzy Hash: 92e587b5f4761ad87be574ecb585d5179f2b3444e74112cadb4ae0dc30dfb9cb
                                                                                                              • Instruction Fuzzy Hash: C2D106B0E0524ADBCB04CF99C5948AEFBB6FB89304B149599D415AB315E738EA42CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D96470 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %
                                                                                                              • API String ID: 0-2567322570
                                                                                                              • Opcode ID: 4fec6c78b4b38e986fa28aa9167cb6afa74ecc27cd8c851d7df9fdaa337b28c0
                                                                                                              • Instruction ID: a3e36f3cd8ef1099afb3eacfc27b45bb8c4628d6605ac12c86a8a648a7a927d8
                                                                                                              • Opcode Fuzzy Hash: 4fec6c78b4b38e986fa28aa9167cb6afa74ecc27cd8c851d7df9fdaa337b28c0
                                                                                                              • Instruction Fuzzy Hash: 6E61DEB0A04215CBDF508FA8C9582BABBF1FF44704F00856BE495DB295E734EC90CB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04CC6CC3 Relevance: .6, Instructions: 583COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1694953785.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4cc0000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e6b7763c0d738f2ccaa11149b248939bf2706a2af44458274140f5afbea59d5
                                                                                                              • Instruction ID: 2e60ed0959cd8a71cb08bc0f2650769e975bd2d858651f983d42a8bb754e5a92
                                                                                                              • Opcode Fuzzy Hash: 7e6b7763c0d738f2ccaa11149b248939bf2706a2af44458274140f5afbea59d5
                                                                                                              • Instruction Fuzzy Hash: 2D42E734E00319CFDB14EFA4C894A9DB7B2FF8A305F1195A9D809AB365DB30A985DF50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04CC6CC8 Relevance: .6, Instructions: 581COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1694953785.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4cc0000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 241f20c344c0bc1a7c2874ab9ba9172b236b45de1421780e2265d4137cbd3002
                                                                                                              • Instruction ID: 58ee825732834646408245755cc6af151cb290f1ec5e32169416a980d7f2ae36
                                                                                                              • Opcode Fuzzy Hash: 241f20c344c0bc1a7c2874ab9ba9172b236b45de1421780e2265d4137cbd3002
                                                                                                              • Instruction Fuzzy Hash: 6242D734E00319CFDB14EFA4C894A9DB7B2FF8A305F1195A9D809AB365DB30A985DF50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C9D9 Relevance: .2, Instructions: 234COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8643872154dd4a2655fdf660626bb55df0c27433217c4fa36de2ac6830425bd4
                                                                                                              • Instruction ID: c7d47d2ccb7964329974a2311e480158d78d256a2962216900dc39c6f6f4b919
                                                                                                              • Opcode Fuzzy Hash: 8643872154dd4a2655fdf660626bb55df0c27433217c4fa36de2ac6830425bd4
                                                                                                              • Instruction Fuzzy Hash: E691F870E152099FDF08CFA5D98099DFBF2EB89700F24A42AD416B7264E734AD469F14
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C9E8 Relevance: .2, Instructions: 231COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c622af183a0b8e78da310d9410cc1dc300786f07fe17ab5cc9314dc662c91714
                                                                                                              • Instruction ID: 0e556d705ac58ce16e376dccf85f9c1e4abad7192ee9fc1da6c8951179a8e785
                                                                                                              • Opcode Fuzzy Hash: c622af183a0b8e78da310d9410cc1dc300786f07fe17ab5cc9314dc662c91714
                                                                                                              • Instruction Fuzzy Hash: 0A91E471E15209DFDF08CFA5D98099DFBF2EB89700F20A42AE416BB264E734AD459F14
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C6C1 Relevance: .2, Instructions: 208COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ceeb052cb520f93fa9509f4afb4a81ad4ce899a02007ebf58217ea9738f2856a
                                                                                                              • Instruction ID: 27e8a09773c3885c70b3bb5c17928621515e49ca70680dcb3718e2893ab055c4
                                                                                                              • Opcode Fuzzy Hash: ceeb052cb520f93fa9509f4afb4a81ad4ce899a02007ebf58217ea9738f2856a
                                                                                                              • Instruction Fuzzy Hash: 02811574E14219DFDF04CFA9C9806AEFBB2FB89300F00955AD451A7254E738A906CF54
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C6D0 Relevance: .2, Instructions: 204COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7c70e772d03e0b74c71184ae21b617081f26f9d542166e610e81a1b29ded8007
                                                                                                              • Instruction ID: b457e1c8f82d6f24ed17181c095f8116fb1e747c41df79bfa34100fcca7f9512
                                                                                                              • Opcode Fuzzy Hash: 7c70e772d03e0b74c71184ae21b617081f26f9d542166e610e81a1b29ded8007
                                                                                                              • Instruction Fuzzy Hash: 8881F274E14219DFDF04CFA9D980AAEFBB2FB89300F10A95AD445B7254E738A942CF54
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98AE0 Relevance: .1, Instructions: 66COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 384a759f49b1d520cbd9be203d75d3aa25ff68f758cd81b111f7ab82d2e253f6
                                                                                                              • Instruction ID: dab46023dc9c1d10e361e926270bbcf9a050025ffc31271934a00d4648927c47
                                                                                                              • Opcode Fuzzy Hash: 384a759f49b1d520cbd9be203d75d3aa25ff68f758cd81b111f7ab82d2e253f6
                                                                                                              • Instruction Fuzzy Hash: B521D8B1E016188BEB18CFABD9542DEFBF3AFC9310F14C07AD508AA258DB751A458A50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98AD2 Relevance: .1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 647c6d7d525cac6b345a93c9e1d5af72bb07bf73318604d378dd1450bcb2e94c
                                                                                                              • Instruction ID: 20922ade91fd389fe26a3d48f83671a7875efca99727f1f44b7262ff2e5f4354
                                                                                                              • Opcode Fuzzy Hash: 647c6d7d525cac6b345a93c9e1d5af72bb07bf73318604d378dd1450bcb2e94c
                                                                                                              • Instruction Fuzzy Hash: 1F21BCB1E016588BEB18CFABC95529EFBF3AFC9310F14C07AD408AA254DB751946CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93530 Relevance: 15.5, Strings: 12, Instructions: 484COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Tedq$Tedq$Tedq$Tedq$Tedq$Tedq$Tedq$Tedq$$dq$$dq$$dq$$dq
                                                                                                              • API String ID: 0-988486823
                                                                                                              • Opcode ID: bc018ce886bf083155e67330dff09635911ad40bdc6186ed913fd71170a228ea
                                                                                                              • Instruction ID: 1c529bfe541d2b2ca39fd055a3e9a6835a5c5053a779badc88555f821edd6778
                                                                                                              • Opcode Fuzzy Hash: bc018ce886bf083155e67330dff09635911ad40bdc6186ed913fd71170a228ea
                                                                                                              • Instruction Fuzzy Hash: 48023D70B00218DBDF149BA9C859BBE7AF2BF88701F148469E846EB3D4DB74AC41DB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D94D93 Relevance: 15.4, Strings: 12, Instructions: 445COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fiq$ fiq$ fiq$Tedq$Tedq$XXdq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                              • API String ID: 0-3690892595
                                                                                                              • Opcode ID: 8ded3d44f069573748e5daa6ff38afa67d16a4c0c89809458be16b42fcb107d0
                                                                                                              • Instruction ID: 0642adc70f26ec025629f05650a87934bc8b0e3c3a7ba0f4d66c0fb01f725c6c
                                                                                                              • Opcode Fuzzy Hash: 8ded3d44f069573748e5daa6ff38afa67d16a4c0c89809458be16b42fcb107d0
                                                                                                              • Instruction Fuzzy Hash: C1029E71A05218EFCF158F99D8546AEBBF2FF80300F19856AE846DB296D734EC41CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D94941 Relevance: 11.6, Strings: 9, Instructions: 343COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fiq$ fiq$ fiq$ fiq$Tedq$XXdq$XXdq$XXdq$$dq
                                                                                                              • API String ID: 0-2509316211
                                                                                                              • Opcode ID: 4034f504f928136c0062a2332d34af7054ca249ed263b80d38137ad7f6f89f74
                                                                                                              • Instruction ID: 852420fd1abd9b920d134f133d62faf7bbae94061ceb9c2af066fede522182fb
                                                                                                              • Opcode Fuzzy Hash: 4034f504f928136c0062a2332d34af7054ca249ed263b80d38137ad7f6f89f74
                                                                                                              • Instruction Fuzzy Hash: E0D14A30A04218EFDF14DFA8C8547AE7BF2BB84704F248469E446EB396DB74AD42CB55
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D94DB7 Relevance: 10.2, Strings: 8, Instructions: 235COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fiq$ fiq$Tedq$XXdq$$dq$$dq$$dq$$dq
                                                                                                              • API String ID: 0-1392282986
                                                                                                              • Opcode ID: 085620909fe6fe3825e0b44f245f8d736d86c3b32bf53d8bd7e41eeb144e95d9
                                                                                                              • Instruction ID: 5f5a2989db760cabf8f06ca21bf8cab7d3ac0c0bfcaecbdede4321f61943a9cf
                                                                                                              • Opcode Fuzzy Hash: 085620909fe6fe3825e0b44f245f8d736d86c3b32bf53d8bd7e41eeb144e95d9
                                                                                                              • Instruction Fuzzy Hash: C3918B31B05218EFDF15CF94D854AAEB7F2BF80701F298466E846EB296D330AD42CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93521 Relevance: 9.2, Strings: 7, Instructions: 423COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Tedq$Tedq$Tedq$Tedq$Tedq$$dq$$dq
                                                                                                              • API String ID: 0-4247632952
                                                                                                              • Opcode ID: c1036506e7104fc84e5891dd86ad92a49a00a5bdaaeb9968f90c4dfef6745df8
                                                                                                              • Instruction ID: 61f2184539a6f66be5660d8fa6d2c78812beed57ad95f98d62d2ca81086a4818
                                                                                                              • Opcode Fuzzy Hash: c1036506e7104fc84e5891dd86ad92a49a00a5bdaaeb9968f90c4dfef6745df8
                                                                                                              • Instruction Fuzzy Hash: 2FF15D70B00214EBEF149B68D859BBE76F2BF88701F148465E846EB3D4EB74AC41DB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9342B Relevance: 5.3, Strings: 4, Instructions: 258COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 1788 4d9342b 1789 4d937e8 1788->1789 1790 4d937eb-4d937ed 1789->1790 1791 4d937ef 1790->1791 1792 4d937f6-4d93800 1790->1792 1795 4d937f4 1791->1795 1793 4d9384b-4d93870 1792->1793 1794 4d93802-4d9380c 1792->1794 1829 4d93875-4d93878 1793->1829 1794->1795 1796 4d9380e-4d93812 1794->1796 1797 4d937b7-4d937ba 1795->1797 1801 4d93835 1796->1801 1802 4d93814-4d9381d 1796->1802 1799 4d937bc 1797->1799 1800 4d937c3-4d937c7 1797->1800 1799->1796 1799->1800 1804 4d93848 1799->1804 1805 4d938b8-4d938bc 1799->1805 1806 4d938e8-4d938f2 1799->1806 1807 4d9383e-4d93843 1799->1807 1808 4d93881-4d93885 1799->1808 1809 4d93905 1799->1809 1810 4d93a37-4d93aac 1799->1810 1811 4d93b06-4d93b0b 1799->1811 1800->1789 1812 4d937c9-4d937d2 1800->1812 1813 4d93838 1801->1813 1814 4d9381f-4d93822 1802->1814 1815 4d93824-4d93831 1802->1815 1804->1829 1825 4d938df 1805->1825 1826 4d938be-4d938c7 1805->1826 1817 4d93908-4d9390d 1806->1817 1818 4d938f4-4d93900 1806->1818 1807->1797 1822 4d93887-4d93890 1808->1822 1823 4d938a6 1808->1823 1824 4d93912-4d93915 1809->1824 1899 4d93aae-4d93ab4 1810->1899 1900 4d93ac4-4d93acc 1810->1900 1811->1824 1819 4d937d9-4d937dc 1812->1819 1820 4d937d4-4d937d7 1812->1820 1813->1807 1821 4d93833 1814->1821 1815->1821 1817->1824 1818->1829 1831 4d937e6 1819->1831 1820->1831 1821->1813 1836 4d93892-4d93895 1822->1836 1837 4d93897-4d9389a 1822->1837 1834 4d938a9-4d938ab 1823->1834 1832 4d93927-4d9392b 1824->1832 1833 4d93917 1824->1833 1835 4d938e2 1825->1835 1827 4d938c9-4d938cc 1826->1827 1828 4d938ce-4d938db 1826->1828 1839 4d938dd 1827->1839 1828->1839 1829->1808 1848 4d9387a 1829->1848 1831->1790 1846 4d9392d-4d93936 1832->1846 1847 4d9394e 1832->1847 1833->1810 1833->1811 1833->1832 1841 4d93969-4d9396d 1833->1841 1842 4d93ad1-4d93af0 1833->1842 1843 4d93b10-4d93b14 1833->1843 1844 4d93bd3-4d93bea 1833->1844 1845 4d93c32-4d93c39 1833->1845 1850 4d938ad 1834->1850 1851 4d938b1-4d938b6 1834->1851 1835->1806 1840 4d938a4 1836->1840 1837->1840 1839->1835 1840->1834 1858 4d9396f-4d93978 1841->1858 1859 4d93990 1841->1859 1916 4d93af5 call 4d9765c 1842->1916 1917 4d93af5 call 4d97580 1842->1917 1860 4d93b37 1843->1860 1861 4d93b16-4d93b1f 1843->1861 1883 4d93bec-4d93bf2 1844->1883 1884 4d93c02 1844->1884 1854 4d93938-4d9393b 1846->1854 1855 4d9393d-4d9394a 1846->1855 1852 4d93951-4d9395b 1847->1852 1848->1805 1848->1806 1848->1808 1848->1809 1848->1810 1848->1811 1848->1832 1848->1841 1848->1842 1848->1843 1848->1844 1848->1845 1856 4d938af 1850->1856 1851->1805 1851->1856 1874 4d93966 1852->1874 1865 4d9394c 1854->1865 1855->1865 1856->1829 1866 4d9397a-4d9397d 1858->1866 1867 4d9397f-4d9398c 1858->1867 1864 4d93993-4d939fc 1859->1864 1870 4d93b3a-4d93bbc 1860->1870 1862 4d93b21-4d93b24 1861->1862 1863 4d93b26-4d93b33 1861->1863 1872 4d93b35 1862->1872 1863->1872 1906 4d939fe-4d93a04 1864->1906 1907 4d93a14-4d93a21 1864->1907 1865->1852 1875 4d9398e 1866->1875 1867->1875 1870->1817 1914 4d93bc2-4d93bce 1870->1914 1872->1870 1874->1841 1875->1864 1888 4d93bf4 1883->1888 1889 4d93bf6-4d93bf8 1883->1889 1918 4d93c04 call 259001e 1884->1918 1919 4d93c04 call 2590040 1884->1919 1887 4d93afb-4d93afd call 4d9ee25 1894 4d93b03 1887->1894 1888->1884 1889->1884 1891 4d93c0a 1896 4d93c11-4d93c1b 1891->1896 1894->1811 1896->1817 1897 4d93c21-4d93c2d 1896->1897 1897->1824 1902 4d93ab8-4d93aba 1899->1902 1903 4d93ab6 1899->1903 1900->1824 1902->1900 1903->1900 1908 4d93a08-4d93a0a 1906->1908 1909 4d93a06 1906->1909 1907->1817 1910 4d93a27-4d93a32 1907->1910 1908->1907 1909->1907 1910->1824 1914->1824 1916->1887 1917->1887 1918->1891 1919->1891
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Tedq$Tedq$$dq$$dq
                                                                                                              • API String ID: 0-1906367744
                                                                                                              • Opcode ID: bc0c6f3c7f909324dfcc3e89e7a8436190ee701845c3350e8b0a744b1a73a557
                                                                                                              • Instruction ID: a06b55759e04943148d33c6c9603767652fdd0991c75a23a67b0efbc35323cb9
                                                                                                              • Opcode Fuzzy Hash: bc0c6f3c7f909324dfcc3e89e7a8436190ee701845c3350e8b0a744b1a73a557
                                                                                                              • Instruction Fuzzy Hash: EEA15C70B04218EBDF149B68D859BAE77F2BF89711F148069E842EB3D0DB74AC81DB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93852 Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2097 4d93852-4d93859 2098 4d9385b-4d93870 2097->2098 2099 4d93850 2097->2099 2101 4d93875-4d93878 2098->2101 2099->2098 2102 4d9387a 2101->2102 2103 4d93881-4d93885 2101->2103 2102->2103 2104 4d93969-4d9396d 2102->2104 2105 4d938b8-4d938bc 2102->2105 2106 4d938e8-4d938f2 2102->2106 2107 4d93ad1-4d93af0 2102->2107 2108 4d93b10-4d93b14 2102->2108 2109 4d93bd3-4d93bea 2102->2109 2110 4d93c32-4d93c39 2102->2110 2111 4d93905 2102->2111 2112 4d93a37-4d93aac 2102->2112 2113 4d93927-4d9392b 2102->2113 2114 4d93b06-4d93b0b 2102->2114 2115 4d93887-4d93890 2103->2115 2116 4d938a6 2103->2116 2122 4d9396f-4d93978 2104->2122 2123 4d93990 2104->2123 2127 4d938df 2105->2127 2128 4d938be-4d938c7 2105->2128 2117 4d93908-4d9390d 2106->2117 2118 4d938f4-4d93900 2106->2118 2203 4d93af5 call 4d9765c 2107->2203 2204 4d93af5 call 4d97580 2107->2204 2129 4d93b37 2108->2129 2130 4d93b16-4d93b1f 2108->2130 2166 4d93bec-4d93bf2 2109->2166 2167 4d93c02 2109->2167 2126 4d93912-4d93915 2111->2126 2189 4d93aae-4d93ab4 2112->2189 2190 4d93ac4-4d93acc 2112->2190 2120 4d9392d-4d93936 2113->2120 2121 4d9394e 2113->2121 2114->2126 2124 4d93892-4d93895 2115->2124 2125 4d93897-4d9389a 2115->2125 2119 4d938a9-4d938ab 2116->2119 2117->2126 2118->2101 2147 4d938ad 2119->2147 2148 4d938b1-4d938b6 2119->2148 2140 4d93938-4d9393b 2120->2140 2141 4d9393d-4d9394a 2120->2141 2135 4d93951-4d9395b 2121->2135 2142 4d9397a-4d9397d 2122->2142 2143 4d9397f-4d9398c 2122->2143 2139 4d93993-4d939fc 2123->2139 2137 4d938a4 2124->2137 2125->2137 2126->2113 2138 4d93917 2126->2138 2144 4d938e2 2127->2144 2131 4d938c9-4d938cc 2128->2131 2132 4d938ce-4d938db 2128->2132 2149 4d93b3a-4d93bbc 2129->2149 2133 4d93b21-4d93b24 2130->2133 2134 4d93b26-4d93b33 2130->2134 2150 4d938dd 2131->2150 2132->2150 2151 4d93b35 2133->2151 2134->2151 2160 4d93966 2135->2160 2137->2119 2138->2104 2138->2107 2138->2108 2138->2109 2138->2110 2138->2112 2138->2113 2138->2114 2187 4d939fe-4d93a04 2139->2187 2188 4d93a14-4d93a21 2139->2188 2153 4d9394c 2140->2153 2141->2153 2154 4d9398e 2142->2154 2143->2154 2144->2106 2152 4d938af 2147->2152 2148->2105 2148->2152 2149->2117 2199 4d93bc2-4d93bce 2149->2199 2150->2144 2151->2149 2152->2101 2153->2135 2154->2139 2160->2104 2172 4d93bf4 2166->2172 2173 4d93bf6-4d93bf8 2166->2173 2200 4d93c04 call 259001e 2167->2200 2201 4d93c04 call 2590040 2167->2201 2171 4d93afb-4d93afd call 4d9ee25 2178 4d93b03 2171->2178 2172->2167 2173->2167 2174 4d93c0a 2179 4d93c11-4d93c1b 2174->2179 2178->2114 2179->2117 2180 4d93c21-4d93c2d 2179->2180 2180->2126 2191 4d93a08-4d93a0a 2187->2191 2192 4d93a06 2187->2192 2188->2117 2193 4d93a27-4d93a32 2188->2193 2195 4d93ab8-4d93aba 2189->2195 2196 4d93ab6 2189->2196 2190->2126 2191->2188 2192->2188 2193->2126 2195->2190 2196->2190 2199->2126 2200->2174 2201->2174 2203->2171 2204->2171
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $dq$$dq
                                                                                                              • API String ID: 0-2340669324
                                                                                                              • Opcode ID: 44ddc08ed2a71b736235fc7fccadd47d199b36cdcab51faaaea914b3b463be8a
                                                                                                              • Instruction ID: 8d819038473f21c5025b24da5de2268d757ab88fd597ea40b8689b5752a658b8
                                                                                                              • Opcode Fuzzy Hash: 44ddc08ed2a71b736235fc7fccadd47d199b36cdcab51faaaea914b3b463be8a
                                                                                                              • Instruction Fuzzy Hash: 36915E70B00218EBEF149B64D459BAE7AF2BF89711F148069E842EB7D0DB74AC81DB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9391E Relevance: 2.7, Strings: 2, Instructions: 199COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2205 4d9391e-4d93925 2206 4d9390d 2205->2206 2207 4d93927-4d9392b 2205->2207 2208 4d93912-4d93915 2206->2208 2209 4d9392d-4d93936 2207->2209 2210 4d9394e 2207->2210 2208->2207 2212 4d93917 2208->2212 2213 4d93938-4d9393b 2209->2213 2214 4d9393d-4d9394a 2209->2214 2211 4d93951-4d9395b 2210->2211 2223 4d93966 2211->2223 2212->2207 2215 4d93969-4d9396d 2212->2215 2216 4d93ad1-4d93af0 2212->2216 2217 4d93b10-4d93b14 2212->2217 2218 4d93bd3-4d93bea 2212->2218 2219 4d93c32-4d93c39 2212->2219 2220 4d93a37-4d93aac 2212->2220 2221 4d93b06-4d93b0b 2212->2221 2222 4d9394c 2213->2222 2214->2222 2225 4d9396f-4d93978 2215->2225 2226 4d93990 2215->2226 2285 4d93af5 call 4d9765c 2216->2285 2286 4d93af5 call 4d97580 2216->2286 2227 4d93b37 2217->2227 2228 4d93b16-4d93b1f 2217->2228 2247 4d93bec-4d93bf2 2218->2247 2248 4d93c02 2218->2248 2271 4d93aae-4d93ab4 2220->2271 2272 4d93ac4-4d93acc 2220->2272 2221->2208 2222->2211 2223->2215 2231 4d9397a-4d9397d 2225->2231 2232 4d9397f-4d9398c 2225->2232 2236 4d93993-4d939fc 2226->2236 2237 4d93b3a-4d93bbc 2227->2237 2229 4d93b21-4d93b24 2228->2229 2230 4d93b26-4d93b33 2228->2230 2238 4d93b35 2229->2238 2230->2238 2239 4d9398e 2231->2239 2232->2239 2269 4d939fe-4d93a04 2236->2269 2270 4d93a14-4d93a21 2236->2270 2261 4d93908 2237->2261 2281 4d93bc2-4d93bce 2237->2281 2238->2237 2239->2236 2252 4d93bf4 2247->2252 2253 4d93bf6-4d93bf8 2247->2253 2282 4d93c04 call 259001e 2248->2282 2283 4d93c04 call 2590040 2248->2283 2251 4d93afb-4d93afd call 4d9ee25 2258 4d93b03 2251->2258 2252->2248 2253->2248 2255 4d93c0a 2260 4d93c11-4d93c1b 2255->2260 2258->2221 2260->2261 2262 4d93c21-4d93c2d 2260->2262 2261->2206 2262->2208 2273 4d93a08-4d93a0a 2269->2273 2274 4d93a06 2269->2274 2270->2261 2277 4d93a27-4d93a32 2270->2277 2275 4d93ab8-4d93aba 2271->2275 2276 4d93ab6 2271->2276 2272->2208 2273->2270 2274->2270 2275->2272 2276->2272 2277->2208 2281->2208 2282->2255 2283->2255 2285->2251 2286->2251
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $dq$$dq
                                                                                                              • API String ID: 0-2340669324
                                                                                                              • Opcode ID: 8685c3dd12d5fe0067758c738521d60295af6758bf45f7eca800ec3d9ec868c0
                                                                                                              • Instruction ID: 4497c46b1949b5d9dad8cd6ba8dc84686cd4464f2e252ff407bb61d4e313a9de
                                                                                                              • Opcode Fuzzy Hash: 8685c3dd12d5fe0067758c738521d60295af6758bf45f7eca800ec3d9ec868c0
                                                                                                              • Instruction Fuzzy Hash: 88718E70B00218AFEF149B64C819BAE7AF2FF89711F148069E946EB3D0DB74AC41CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D99FD0 Relevance: 2.6, Strings: 2, Instructions: 63COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2287 4d99fd0-4d99fee 2288 4d99ff0 2287->2288 2289 4d99ff5-4d99ffa 2287->2289 2288->2289 2301 4d99ffd call 4d9a0c8 2289->2301 2302 4d99ffd call 4d9a0b8 2289->2302 2290 4d9a003 2291 4d9a00a-4d9a026 2290->2291 2292 4d9a028 2291->2292 2293 4d9a02f-4d9a030 2291->2293 2292->2290 2292->2293 2294 4d9a09d-4d9a0a1 2292->2294 2295 4d9a032-4d9a046 2292->2295 2296 4d9a076-4d9a098 2292->2296 2293->2294 2298 4d9a059-4d9a060 2295->2298 2299 4d9a048-4d9a057 2295->2299 2296->2291 2300 4d9a067-4d9a074 2298->2300 2299->2300 2300->2291 2301->2290 2302->2290
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 3H5$3H5
                                                                                                              • API String ID: 0-2752242361
                                                                                                              • Opcode ID: d1fd2f703e6ff6f51545d81d07d988218414717ecc27b67e0ca9e2f4e3224249
                                                                                                              • Instruction ID: 5d21ee0df1acda6849ca9f7554d0928a7f0baf24e803e794737cc14f7cf35664
                                                                                                              • Opcode Fuzzy Hash: d1fd2f703e6ff6f51545d81d07d988218414717ecc27b67e0ca9e2f4e3224249
                                                                                                              • Instruction Fuzzy Hash: F521D4B1E01259EFCB44CFA9C540AAEFBF1FF89300F14C5AA9548A7318E734AA45DB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259950C Relevance: 1.7, APIs: 1, Instructions: 249processCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2303 259950c-25995ad 2305 25995af-25995b9 2303->2305 2306 25995e6-2599606 2303->2306 2305->2306 2307 25995bb-25995bd 2305->2307 2313 2599608-2599612 2306->2313 2314 259963f-259966e 2306->2314 2308 25995bf-25995c9 2307->2308 2309 25995e0-25995e3 2307->2309 2311 25995cb 2308->2311 2312 25995cd-25995dc 2308->2312 2309->2306 2311->2312 2312->2312 2315 25995de 2312->2315 2313->2314 2316 2599614-2599616 2313->2316 2320 2599670-259967a 2314->2320 2321 25996a7-2599761 CreateProcessA 2314->2321 2315->2309 2318 2599639-259963c 2316->2318 2319 2599618-2599622 2316->2319 2318->2314 2322 2599624 2319->2322 2323 2599626-2599635 2319->2323 2320->2321 2324 259967c-259967e 2320->2324 2334 259976a-25997f0 2321->2334 2335 2599763-2599769 2321->2335 2322->2323 2323->2323 2325 2599637 2323->2325 2326 25996a1-25996a4 2324->2326 2327 2599680-259968a 2324->2327 2325->2318 2326->2321 2329 259968c 2327->2329 2330 259968e-259969d 2327->2330 2329->2330 2330->2330 2331 259969f 2330->2331 2331->2326 2345 2599800-2599804 2334->2345 2346 25997f2-25997f6 2334->2346 2335->2334 2348 2599814-2599818 2345->2348 2349 2599806-259980a 2345->2349 2346->2345 2347 25997f8 2346->2347 2347->2345 2351 2599828-259982c 2348->2351 2352 259981a-259981e 2348->2352 2349->2348 2350 259980c 2349->2350 2350->2348 2354 259983e-2599845 2351->2354 2355 259982e-2599834 2351->2355 2352->2351 2353 2599820 2352->2353 2353->2351 2356 259985c 2354->2356 2357 2599847-2599856 2354->2357 2355->2354 2359 259985d 2356->2359 2357->2356 2359->2359
                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0259974E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: 0a979235bdb09390034290007202d8477375c1077d9e34944972182be12e0674
                                                                                                              • Instruction ID: 485c60788ba3288a879a5fb33e809c17dc7fb8f7ecd59d23f720c079c51ddfd0
                                                                                                              • Opcode Fuzzy Hash: 0a979235bdb09390034290007202d8477375c1077d9e34944972182be12e0674
                                                                                                              • Instruction Fuzzy Hash: 65A15971D012598FEF20CFA8C8417EEBBB2BF49314F1485AED809A7280DB759985CF95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02599518 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2360 2599518-25995ad 2362 25995af-25995b9 2360->2362 2363 25995e6-2599606 2360->2363 2362->2363 2364 25995bb-25995bd 2362->2364 2370 2599608-2599612 2363->2370 2371 259963f-259966e 2363->2371 2365 25995bf-25995c9 2364->2365 2366 25995e0-25995e3 2364->2366 2368 25995cb 2365->2368 2369 25995cd-25995dc 2365->2369 2366->2363 2368->2369 2369->2369 2372 25995de 2369->2372 2370->2371 2373 2599614-2599616 2370->2373 2377 2599670-259967a 2371->2377 2378 25996a7-2599761 CreateProcessA 2371->2378 2372->2366 2375 2599639-259963c 2373->2375 2376 2599618-2599622 2373->2376 2375->2371 2379 2599624 2376->2379 2380 2599626-2599635 2376->2380 2377->2378 2381 259967c-259967e 2377->2381 2391 259976a-25997f0 2378->2391 2392 2599763-2599769 2378->2392 2379->2380 2380->2380 2382 2599637 2380->2382 2383 25996a1-25996a4 2381->2383 2384 2599680-259968a 2381->2384 2382->2375 2383->2378 2386 259968c 2384->2386 2387 259968e-259969d 2384->2387 2386->2387 2387->2387 2388 259969f 2387->2388 2388->2383 2402 2599800-2599804 2391->2402 2403 25997f2-25997f6 2391->2403 2392->2391 2405 2599814-2599818 2402->2405 2406 2599806-259980a 2402->2406 2403->2402 2404 25997f8 2403->2404 2404->2402 2408 2599828-259982c 2405->2408 2409 259981a-259981e 2405->2409 2406->2405 2407 259980c 2406->2407 2407->2405 2411 259983e-2599845 2408->2411 2412 259982e-2599834 2408->2412 2409->2408 2410 2599820 2409->2410 2410->2408 2413 259985c 2411->2413 2414 2599847-2599856 2411->2414 2412->2411 2416 259985d 2413->2416 2414->2413 2416->2416
                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0259974E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: acf6ee6f7a484f9774cc2dcbb879459d2432b3bf3ef3e9084e4448e5234a4a56
                                                                                                              • Instruction ID: 26c3b1ae4c4eb4b946d18a1d0aba0caa8a714fa06e6bbca30f5541ba9d1d2e12
                                                                                                              • Opcode Fuzzy Hash: acf6ee6f7a484f9774cc2dcbb879459d2432b3bf3ef3e9084e4448e5234a4a56
                                                                                                              • Instruction Fuzzy Hash: FC915971D002599FEF20CFA8C841BEEBBB2BF48314F1485ADD809A7280DB759985CF95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252AE30 Relevance: 1.7, APIs: 1, Instructions: 193COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2417 252ae30-252ae3f 2418 252ae41-252ae4e call 2529838 2417->2418 2419 252ae6b-252ae6f 2417->2419 2424 252ae50 2418->2424 2425 252ae64 2418->2425 2421 252ae83-252aec4 2419->2421 2422 252ae71-252ae7b 2419->2422 2428 252aed1-252aedf 2421->2428 2429 252aec6-252aece 2421->2429 2422->2421 2472 252ae56 call 252b0c8 2424->2472 2473 252ae56 call 252b0b9 2424->2473 2425->2419 2430 252af03-252af05 2428->2430 2431 252aee1-252aee6 2428->2431 2429->2428 2436 252af08-252af0f 2430->2436 2433 252aef1 2431->2433 2434 252aee8-252aeef call 252a814 2431->2434 2432 252ae5c-252ae5e 2432->2425 2435 252afa0-252b060 2432->2435 2438 252aef3-252af01 2433->2438 2434->2438 2467 252b062-252b065 2435->2467 2468 252b068-252b093 GetModuleHandleW 2435->2468 2439 252af11-252af19 2436->2439 2440 252af1c-252af23 2436->2440 2438->2436 2439->2440 2442 252af30-252af39 call 252a824 2440->2442 2443 252af25-252af2d 2440->2443 2448 252af46-252af4b 2442->2448 2449 252af3b-252af43 2442->2449 2443->2442 2450 252af69-252af6d 2448->2450 2451 252af4d-252af54 2448->2451 2449->2448 2456 252af73-252af76 2450->2456 2451->2450 2453 252af56-252af66 call 252a834 call 252a844 2451->2453 2453->2450 2458 252af78-252af96 2456->2458 2459 252af99-252af9f 2456->2459 2458->2459 2467->2468 2469 252b095-252b09b 2468->2469 2470 252b09c-252b0b0 2468->2470 2469->2470 2472->2432 2473->2432
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0252B086
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: 15b686a3c1ae79385f153fc66c6e714baf4df030d084c1514892eeb239f36a0f
                                                                                                              • Instruction ID: 2539c5e7d5654f7e8296de90957ee1fa9ddc80de0cf73e0416c4a45a10a26580
                                                                                                              • Opcode Fuzzy Hash: 15b686a3c1ae79385f153fc66c6e714baf4df030d084c1514892eeb239f36a0f
                                                                                                              • Instruction Fuzzy Hash: CC7138B0A00B558FD724DF29D04075ABBF1FF89314F00892DD48AD7A90DB79E94ACB94
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04CC0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04CC4381
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1694953785.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4cc0000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallProcWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 2714655100-0
                                                                                                              • Opcode ID: ba1d7bed2731fa121e004df3d13e8e275886b1affedaccaf95d5f86f4d6478c7
                                                                                                              • Instruction ID: 456c69880dea634ff095ecaf6494b2490aaac7e105864c310919957d180c2db4
                                                                                                              • Opcode Fuzzy Hash: ba1d7bed2731fa121e004df3d13e8e275886b1affedaccaf95d5f86f4d6478c7
                                                                                                              • Instruction Fuzzy Hash: 3D4129B4A003099FDB14CF99C848AAAFBF6FB88314F28C55DD419A7321D774A941CBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252449C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 025259C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0
                                                                                                              • Opcode ID: 47e9efa4f070b02d13e4c1d0da69b5db709a6474bcb3598c35636e207c9fb648
                                                                                                              • Instruction ID: 711b4cb2ad6d1d39ad2e10e5a7785bf8b88e039238e14f16de6c31ae358b4404
                                                                                                              • Opcode Fuzzy Hash: 47e9efa4f070b02d13e4c1d0da69b5db709a6474bcb3598c35636e207c9fb648
                                                                                                              • Instruction Fuzzy Hash: 804113B0D0072DCBDB24CFA9C844B8DBBF5BF49314F60806AD409AB291DB716949CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02525917 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 025259C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0
                                                                                                              • Opcode ID: c7398b1248cdb32ba9718748f5879ca8d6cb4ab7a663c8f77f368a9582d0fb98
                                                                                                              • Instruction ID: c77f889d86e740e9dca0a6206a65a6df268b3e9603b6d8039b3e64e8f517892d
                                                                                                              • Opcode Fuzzy Hash: c7398b1248cdb32ba9718748f5879ca8d6cb4ab7a663c8f77f368a9582d0fb98
                                                                                                              • Instruction Fuzzy Hash: E641E2B0D0071DCBDB24CFA9C885BCDBBB5BF49314F60806AD409AB291DB756949CF50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02599290 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02599320
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              • Opcode ID: e203f3aaa5ccc402fcf03c68d8a872262de469177f30e56e283335b03594d7a3
                                                                                                              • Instruction ID: 41d18f9947444fdb50b4f61cebeb462a3612bd49c7931ada5b0f378eaeae60a6
                                                                                                              • Opcode Fuzzy Hash: e203f3aaa5ccc402fcf03c68d8a872262de469177f30e56e283335b03594d7a3
                                                                                                              • Instruction Fuzzy Hash: 5B2126B19003099FCF10DFAAC885BDEBBF5FF48314F508429E919A7240C7789944CBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259928C Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02599320
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              • Opcode ID: 072a5ebb6a311f0c62d0eb2954da0c787e65c90cfccb0d36f53f8fbd15aa602f
                                                                                                              • Instruction ID: d5c876f755bfdcb15ffde51279d4f870615b7c58648b3dba56abea8f5666e4d0
                                                                                                              • Opcode Fuzzy Hash: 072a5ebb6a311f0c62d0eb2954da0c787e65c90cfccb0d36f53f8fbd15aa602f
                                                                                                              • Instruction Fuzzy Hash: AA2127B59003199FCF10CFA9C9857EEBBF5FF48314F10842AE919A7240C7789944CB64
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0252D2C6,?,?,?,?,?), ref: 0252D387
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              • Opcode ID: 77c481ba1b52c2d9d079e55dd6dfd45060243aa5d87365f3c2e98e059977a908
                                                                                                              • Instruction ID: 5151fb81ecf69faa7d2d6ebc1af66e3beb6abf04192cfeb61c92d25da5b713cd
                                                                                                              • Opcode Fuzzy Hash: 77c481ba1b52c2d9d079e55dd6dfd45060243aa5d87365f3c2e98e059977a908
                                                                                                              • Instruction Fuzzy Hash: BB2114B5900318AFDB10CF9AD984ADEBFF4FB48320F10841AE918A3350C374A954CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02598CB8 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02598D3E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              • Opcode ID: 80ec326cdcf2bc6a1d5c8536f20a360109197a68ef66c06ac97d8cf271a83eb9
                                                                                                              • Instruction ID: 9cf0c5237614fd270e49d864066b7630d048cb9f3c258e83d968a25671f31957
                                                                                                              • Opcode Fuzzy Hash: 80ec326cdcf2bc6a1d5c8536f20a360109197a68ef66c06ac97d8cf271a83eb9
                                                                                                              • Instruction Fuzzy Hash: 502137B19003098FDB10DFAAC4857EEBBF4EF89324F14842AD559A7280CB789945CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02599380 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02599400
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              • Opcode ID: 271177e198c7e1776d768a0abdb41d631200b5c0aea7bbf7b843373946076f29
                                                                                                              • Instruction ID: e613e538921345ef9dc9905d072fc2bb4d1829c2821052edb5b3fc27dc015282
                                                                                                              • Opcode Fuzzy Hash: 271177e198c7e1776d768a0abdb41d631200b5c0aea7bbf7b843373946076f29
                                                                                                              • Instruction Fuzzy Hash: 0D2125B19003499FCB10DFAAC885AEEFBF5FF48320F50842EE519A7240C7789944DBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02598CC0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02598D3E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              • Opcode ID: 1406b063f23fddb80fcb8ad009ab2718eb9df806e11bc02fe0e38b415c938f1c
                                                                                                              • Instruction ID: e342a39d1fd02f666e31abe9c9369efa12d10daf7f78f22777c87e43d61db369
                                                                                                              • Opcode Fuzzy Hash: 1406b063f23fddb80fcb8ad009ab2718eb9df806e11bc02fe0e38b415c938f1c
                                                                                                              • Instruction Fuzzy Hash: 712149B19003098FDB10DFAAC4857EEBBF4FF88324F14842AD519A7240CB78A945CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259937E Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02599400
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              • Opcode ID: 7b60006fea50a0f2f2775410a1b2af099f7856dc46cce3743e84158dbcd98d58
                                                                                                              • Instruction ID: cb87e5dde448dd23245baa1fb66eb012e870ed775b1889ea69eb2c7f95cc522a
                                                                                                              • Opcode Fuzzy Hash: 7b60006fea50a0f2f2775410a1b2af099f7856dc46cce3743e84158dbcd98d58
                                                                                                              • Instruction Fuzzy Hash: 352123B1D003199FCB10DFAAC985AEEBBF5FF48320F10842AE519A7240C7389944DBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252D2F9 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0252D2C6,?,?,?,?,?), ref: 0252D387
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              • Opcode ID: fd5fb84d3c98e1f02037679a59e276b127ce365deb58eea4cc66ac58030e1dad
                                                                                                              • Instruction ID: 4e47c06c30da42e8532f0b37ef346ce76baae3f20eeda1bc57e15685d759703e
                                                                                                              • Opcode Fuzzy Hash: fd5fb84d3c98e1f02037679a59e276b127ce365deb58eea4cc66ac58030e1dad
                                                                                                              • Instruction Fuzzy Hash: 2321F0B5900319DFDB10CFA9D984ADEBBF5FB48324F24801AE918A3350C378A954CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0252B101,00000800,00000000,00000000), ref: 0252B312
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: 8a4b40d6553698b3d6f1eaf6ec7db62b6dcb32c017da87a1fdd1061bbb18289b
                                                                                                              • Instruction ID: 95fb5a19be0a4c6620ccd3f964a46170dcfae05bcdc710fa0de1f2c68971eb3a
                                                                                                              • Opcode Fuzzy Hash: 8a4b40d6553698b3d6f1eaf6ec7db62b6dcb32c017da87a1fdd1061bbb18289b
                                                                                                              • Instruction Fuzzy Hash: 541103B69003599FDB10CF9AC544BDEFBF4FB98324F10842AE519A7240C375A944CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 025991C8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0259923E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: bf5643a06b965545f3eb7ff47a1936c627e3d730d4f41aa3995e3e7b1877b74d
                                                                                                              • Instruction ID: 0c85c0664f44d3c1f11ddf7005b333dbf69b21051e38d7733857f5c744c5fe57
                                                                                                              • Opcode Fuzzy Hash: bf5643a06b965545f3eb7ff47a1936c627e3d730d4f41aa3995e3e7b1877b74d
                                                                                                              • Instruction Fuzzy Hash: D71144B29002499FCF10DFA9C9456EEBBF5EF88324F24881AE519A7250C7399544CBA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252B2A1 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0252B101,00000800,00000000,00000000), ref: 0252B312
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: d460e845db870b220e492e3c17fecb38c7f0b30038b8221ee4dec0ccaaa3c6ca
                                                                                                              • Instruction ID: 1c7b210e61ffa7d969b9786eddabb44b90109ab8e98f04071a06d12f164add97
                                                                                                              • Opcode Fuzzy Hash: d460e845db870b220e492e3c17fecb38c7f0b30038b8221ee4dec0ccaaa3c6ca
                                                                                                              • Instruction Fuzzy Hash: 1D1112B69003498FCB14CFAAC844BDEFBF4FB88324F14846AD819A7240C375A545CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 025991D0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0259923E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: 9534764e29a2b577e581acefc0da200a334028478ae2f032aba27ce1fd9fe985
                                                                                                              • Instruction ID: a27ad61d474a050810cb3d99bd7f22dd07bb03e3cee44e3be95c28b784b2fe75
                                                                                                              • Opcode Fuzzy Hash: 9534764e29a2b577e581acefc0da200a334028478ae2f032aba27ce1fd9fe985
                                                                                                              • Instruction Fuzzy Hash: BF1123B19002499FCF10DFAAC845AEFBFF5EF88324F248419E519A7250CB75A944CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02598C08 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              • Opcode ID: 3a3744ff5d98b67e62a93ac78c39fe508d1575dfaa457af0ae21694aaeed80c5
                                                                                                              • Instruction ID: 3d0ee091fc5bd003bb3e38cfc79c6ce615bf329d43f960c312941bcf740d76c2
                                                                                                              • Opcode Fuzzy Hash: 3a3744ff5d98b67e62a93ac78c39fe508d1575dfaa457af0ae21694aaeed80c5
                                                                                                              • Instruction Fuzzy Hash: CF1158B19003488FCB20DFAAC8497DEFFF4EF89324F24841AD459A7240CB789945CB95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259BA38 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0259C729,?,?), ref: 0259C8D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: 304d71e1cda26ed8b23f79d666e87bda21136907ae5d3082614fec7317eda4a2
                                                                                                              • Instruction ID: 1ae5d6ea11ae9f9888238708ba554f048be4e551d326fedc3f768f396b5ad493
                                                                                                              • Opcode Fuzzy Hash: 304d71e1cda26ed8b23f79d666e87bda21136907ae5d3082614fec7317eda4a2
                                                                                                              • Instruction Fuzzy Hash: 731155B1800349CFCB20DF99C445BEEBBF4FB48325F10842AD958A7241D338A944CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252B019 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0252B086
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: 5ddea86626ad2ce7971e24c21fc6dd2f39bc25e44b87c8e21672132d36522ac4
                                                                                                              • Instruction ID: 9756166c4ae8092bea4dab9c7e41950e35768adb01aa9f27dbd85577468d2007
                                                                                                              • Opcode Fuzzy Hash: 5ddea86626ad2ce7971e24c21fc6dd2f39bc25e44b87c8e21672132d36522ac4
                                                                                                              • Instruction Fuzzy Hash: 71111FB1D003498BCB20CFAAD844ADEFBF4BB89224F10805AD428A7240C375A649CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02598C10 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              • Opcode ID: eeea048d743ff7750771014b9daa52ef83fb3f6f82033a65684d066988c8ba3e
                                                                                                              • Instruction ID: 849fe5037109b61ab07dc76f70504b27911a6d127bd145c795a0767cb4dacfa8
                                                                                                              • Opcode Fuzzy Hash: eeea048d743ff7750771014b9daa52ef83fb3f6f82033a65684d066988c8ba3e
                                                                                                              • Instruction Fuzzy Hash: AC1136B19003498FCB20DFAAC8497DFFBF5EB89324F248419D519A7240CB79A944CBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0252B086
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: aa90491bdcc16017eec692735cafcb9f6d0eb1091fa687712df7da5a08da9a68
                                                                                                              • Instruction ID: 9f2bd4ba8286cce9d7bed67a19fc0ebea941aaccc7cfa3d9cb3232df05d38bda
                                                                                                              • Opcode Fuzzy Hash: aa90491bdcc16017eec692735cafcb9f6d0eb1091fa687712df7da5a08da9a68
                                                                                                              • Instruction Fuzzy Hash: D211DFB5D007598FCB20DF9AC844BDEFBF4BB89224F10845AD429A7250C375A549CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02597A00 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0259BBBD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              • Opcode ID: 90b49ccc95b1d6fb4ee0b8fbfc6b3b08f141719fd2d8ee9dd0d35be52f408e7b
                                                                                                              • Instruction ID: 19085b8e90847a9830e0ac73e618ee84f7cd99cdb746205bca1f568e362e716e
                                                                                                              • Opcode Fuzzy Hash: 90b49ccc95b1d6fb4ee0b8fbfc6b3b08f141719fd2d8ee9dd0d35be52f408e7b
                                                                                                              • Instruction Fuzzy Hash: 941133B5900348DFDB20DF8AD889BDEBBF8FB48324F108459E518A3240C374A944CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259C871 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0259C729,?,?), ref: 0259C8D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: 808bef0b01ef98a07f255ae6afe2c94730aa08682fbb18e4290bd4bc3f1fccf0
                                                                                                              • Instruction ID: 34db4fe5b25f8a25fa6936387c5d1200e16580f0a753de80a98a654c1f3762ce
                                                                                                              • Opcode Fuzzy Hash: 808bef0b01ef98a07f255ae6afe2c94730aa08682fbb18e4290bd4bc3f1fccf0
                                                                                                              • Instruction Fuzzy Hash: 4F1122B6800309CFCB10DF99C545BEEBBF4FB48320F10841AD558A7241C738AA44CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259BB58 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0259BBBD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              • Opcode ID: 6a4b7c7e97f18cbf071435d38ff20772eff0c042d8e45e47edf5740db859b363
                                                                                                              • Instruction ID: b7f8725888c14bc4a023b5872cba3eda3331433c4dc4f741027aa86ed285adc0
                                                                                                              • Opcode Fuzzy Hash: 6a4b7c7e97f18cbf071435d38ff20772eff0c042d8e45e47edf5740db859b363
                                                                                                              • Instruction Fuzzy Hash: CB1122B58003499FDB10DF99D986BDEBBF8FB48324F14844AE558A7241C378A684CFA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C110 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: O};5
                                                                                                              • API String ID: 0-3558557551
                                                                                                              • Opcode ID: 67371ec577d17bfc13434e3f2f5ff33b139dc9c7cc359bfdb14702e5b1aa7666
                                                                                                              • Instruction ID: 685b18a26b3b4d73322b9cc920e175c63c3e3c4e5a2094f1792f9775100e0293
                                                                                                              • Opcode Fuzzy Hash: 67371ec577d17bfc13434e3f2f5ff33b139dc9c7cc359bfdb14702e5b1aa7666
                                                                                                              • Instruction Fuzzy Hash: F6415970A14609DFDB44CF95D5844AEBBF1FB89200B609896C459EB368E334EE21DB14
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C120 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: O};5
                                                                                                              • API String ID: 0-3558557551
                                                                                                              • Opcode ID: 9ac68f6be425fb3b023afdc03b2de952e05c633b40e48fc61b76943600674937
                                                                                                              • Instruction ID: 26572173354aa92f86e97cda005d40693ba57bfcf7d9b49b16eaa9f37271cb8d
                                                                                                              • Opcode Fuzzy Hash: 9ac68f6be425fb3b023afdc03b2de952e05c633b40e48fc61b76943600674937
                                                                                                              • Instruction Fuzzy Hash: 96411870A14609DFDB44CF95D9848AEFBF1FB89200F609896C45AEB368E734EE11DB14
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90F68 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: t2C
                                                                                                              • API String ID: 0-2921094597
                                                                                                              • Opcode ID: 245409b270416192c87c69a4084ae91f5520bcbe416ee225d7bcdc729ccae85c
                                                                                                              • Instruction ID: 751afeae355c592d591ec434f1636f9b6140f43dc90430ebf92b5f7978f3bd52
                                                                                                              • Opcode Fuzzy Hash: 245409b270416192c87c69a4084ae91f5520bcbe416ee225d7bcdc729ccae85c
                                                                                                              • Instruction Fuzzy Hash: F4219D716002155FCB10EF78D4588AFBBE6EF85311B048869E506DB794EF34ED088BA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D99FC1 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 3H5
                                                                                                              • API String ID: 0-3899204960
                                                                                                              • Opcode ID: 94ff97bacff3bb6ce4b166ac3eb2fcf7aed4c8630ea893b4905f03164cb26947
                                                                                                              • Instruction ID: 00c7f343f6368d4226b44d8ec925d3ebaec62218d0835c564ceaac56bfaad8aa
                                                                                                              • Opcode Fuzzy Hash: 94ff97bacff3bb6ce4b166ac3eb2fcf7aed4c8630ea893b4905f03164cb26947
                                                                                                              • Instruction Fuzzy Hash: 9C21F2B1A01219EFDB04CFA9C5806AEFBF1EF99300F24C5AAD548E7354E6309A459B41
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90F63 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: t2C
                                                                                                              • API String ID: 0-2921094597
                                                                                                              • Opcode ID: 61383c63f6424a977bae4e0c7d8856f7ce6e7674d088aa0d5616e1773d93ef65
                                                                                                              • Instruction ID: f2995a543739e13628df71a03fd09bcd03a31dcc25faa3a58820961e5d977299
                                                                                                              • Opcode Fuzzy Hash: 61383c63f6424a977bae4e0c7d8856f7ce6e7674d088aa0d5616e1773d93ef65
                                                                                                              • Instruction Fuzzy Hash: CD11A9716002159BCB10EF68D4449ABBBF6FFC5315B008869E50ADB794EF31EE098BA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F928 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: t2C
                                                                                                              • API String ID: 0-2921094597
                                                                                                              • Opcode ID: a2ac859160c24df712dd0211e78feafeb74ef0f20ca4035ff48b054258e8f998
                                                                                                              • Instruction ID: 70046ddc150136f4ae58080600e6f96aab90a0fc170cbe141735ff4b76821af4
                                                                                                              • Opcode Fuzzy Hash: a2ac859160c24df712dd0211e78feafeb74ef0f20ca4035ff48b054258e8f998
                                                                                                              • Instruction Fuzzy Hash: 4AD01237250108AE9F41EF95E840D5677DCBB25614700C426E508C7121E622F874D761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9EE25 Relevance: .2, Instructions: 166COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6974972732282256f8d73abe5b3262ad049036d7b7bc5c8e3814e11cb9a882c9
                                                                                                              • Instruction ID: 1c03d323db7b7f0e430a7ddada3eeed5a349c83bd8a5bf95b846309f04da80b1
                                                                                                              • Opcode Fuzzy Hash: 6974972732282256f8d73abe5b3262ad049036d7b7bc5c8e3814e11cb9a882c9
                                                                                                              • Instruction Fuzzy Hash: 64513B70F002189BDB04DFA5C8547BEB7B2BB84711F14812AE555AA3C5E738AD42CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9766C Relevance: .1, Instructions: 145COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 553f77f2b9c5ff991e6b736b647d4adacc2c1c4f4bfcfd11ea6f34a8071f78a9
                                                                                                              • Instruction ID: 0fc2c7d83554f2161be26d57e64507932ed80ea5ccbf2f1973ff4b722d6206a7
                                                                                                              • Opcode Fuzzy Hash: 553f77f2b9c5ff991e6b736b647d4adacc2c1c4f4bfcfd11ea6f34a8071f78a9
                                                                                                              • Instruction Fuzzy Hash: 5E41E271F04244AFDF05EFB8DC555EE7BF6EF86210B0588AAD414DB252EA34AD078B60
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9BFB8 Relevance: .1, Instructions: 122COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ab5978d66ce763441ab30a03067a2309d9d72266f055bc92a0af0680be8d99b9
                                                                                                              • Instruction ID: a6745973c073bcaa83c0412254c8249021883cdb039ea540c5a586c5b64645b7
                                                                                                              • Opcode Fuzzy Hash: ab5978d66ce763441ab30a03067a2309d9d72266f055bc92a0af0680be8d99b9
                                                                                                              • Instruction Fuzzy Hash: 2C41BBB4A097849FD706CB69D490948BFB0EF8A201F1A81D6C484DF3B3E6349D59CB12
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C298 Relevance: .1, Instructions: 114COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf0d22850a720843a2e78347cb46fa1f61897351cf07ae4c6ee75a7596884d43
                                                                                                              • Instruction ID: b46d5d0dcce981c747b0d4f48aaae92d32555c9b021b4162e475391639a36d47
                                                                                                              • Opcode Fuzzy Hash: cf0d22850a720843a2e78347cb46fa1f61897351cf07ae4c6ee75a7596884d43
                                                                                                              • Instruction Fuzzy Hash: BB41ABB4E0020AAFCF04CFA4D8419EEBBB2FF89300F109526D404BB350E7709A41CBA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C2A8 Relevance: .1, Instructions: 106COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f41d15dc09bb4f79febbb9798cffc79689bae5311791ee6533df1c7acbbe079f
                                                                                                              • Instruction ID: 1eda925396128aea06fa831d3c0606b3263d9c7b21d126d17a3b8f65f6af1772
                                                                                                              • Opcode Fuzzy Hash: f41d15dc09bb4f79febbb9798cffc79689bae5311791ee6533df1c7acbbe079f
                                                                                                              • Instruction Fuzzy Hash: 7C413875E1020AAFCF04CFA5D8419EEBBB2EF89310F109525E505BB354E774AA81CBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9106E Relevance: .1, Instructions: 97COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d4d4646065ed48665deafdd4c5de7393647b77b743c50fb72f814ecb22fcbd5b
                                                                                                              • Instruction ID: 6b2399ea319324d7a1cbe9ae7a6dca07fef28fa16a76d8d1b958e9d6dfa2acb4
                                                                                                              • Opcode Fuzzy Hash: d4d4646065ed48665deafdd4c5de7393647b77b743c50fb72f814ecb22fcbd5b
                                                                                                              • Instruction Fuzzy Hash: 7841C0B1D003099BEB24DFA9C984ADDBBF5BF48304F24842AD419BB215D7756A4ACF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D91070 Relevance: .1, Instructions: 96COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 75d542401af324cc114cf73fb5a62297971a09a191f378837de519c07b3e8729
                                                                                                              • Instruction ID: 6b7fa83f732864e0002ac2695e0a62f2836f2a430b4c6f947deb77476d47c753
                                                                                                              • Opcode Fuzzy Hash: 75d542401af324cc114cf73fb5a62297971a09a191f378837de519c07b3e8729
                                                                                                              • Instruction Fuzzy Hash: 3541C2B1D003099BEB24DFA9C984ADDBBF5BF48304F24842AD419BB215D7756A49CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D97580 Relevance: .1, Instructions: 94COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a3feb7b5767879e76953905ffa129efe3316f954a9c529e0c5c3bc12afd83d75
                                                                                                              • Instruction ID: 0523e2bb488805a04ea7e984a0a8e642593894264c49b415312c0c41b75dd6ca
                                                                                                              • Opcode Fuzzy Hash: a3feb7b5767879e76953905ffa129efe3316f954a9c529e0c5c3bc12afd83d75
                                                                                                              • Instruction Fuzzy Hash: D121899241E3F25FE3436778D8B63D67F609F53625F1904D3D088CA193E5184599C3AB
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D960C8 Relevance: .1, Instructions: 84COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 73649586446139f7cdad28dbe9ddcd86cfc2a4fed4737c878c101557f08dec18
                                                                                                              • Instruction ID: 4b1daba80543b4cb82ce8d02c38db7501c75162f880ae0b102bacc9bb8e2d204
                                                                                                              • Opcode Fuzzy Hash: 73649586446139f7cdad28dbe9ddcd86cfc2a4fed4737c878c101557f08dec18
                                                                                                              • Instruction Fuzzy Hash: 55314D71E04529DACF148FA9C8902BEB6F0FB49354F054227E4A9F6291E338ED509795
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90C50 Relevance: .1, Instructions: 78COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ecefbceef4f6898d4502482c470d3b8bd4e58c0900ea3a54fbb1715757ef0913
                                                                                                              • Instruction ID: 64763fbcb228061d7f8480cfc699f6a7f24c47d96618db8d812a4d415130210e
                                                                                                              • Opcode Fuzzy Hash: ecefbceef4f6898d4502482c470d3b8bd4e58c0900ea3a54fbb1715757ef0913
                                                                                                              • Instruction Fuzzy Hash: B821A974B002194BCB06EF78A85857F7BF7FFC92107184929E81AD7381EE389D068761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 024DD01C Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687686160.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_24dd000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 99738e29a19d58e745a9bde5615c7447406dc09d3d61000caf302dd1e47185a8
                                                                                                              • Instruction ID: 82a328dccc2ce0aeeec6d2bb2880766bc24b76c2a5963fe7c6202be004a5155b
                                                                                                              • Opcode Fuzzy Hash: 99738e29a19d58e745a9bde5615c7447406dc09d3d61000caf302dd1e47185a8
                                                                                                              • Instruction Fuzzy Hash: FA21F576A04200DFDB16DF14D9D4B16BBA5FBC4318F64C56ED90A4B346C336D447CA61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 024DD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687686160.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_24dd000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae479c03ce2183079ffc134c221f2b66689be07ab4d8467a4f1ecbc1b8ad8b8f
                                                                                                              • Instruction ID: 556379a5c565a83ad089aba2b5c4b45ed498f395565bb94d52691966e23dc2f2
                                                                                                              • Opcode Fuzzy Hash: ae479c03ce2183079ffc134c221f2b66689be07ab4d8467a4f1ecbc1b8ad8b8f
                                                                                                              • Instruction Fuzzy Hash: DF210772A04200EFDB05DF14D9D4B26BBA5FB84314F24CA6ED80A4F351C336D446CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F200 Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1cee3322983e2cde606a7d0ab2c2d3f8849a10a3cd059d8d9c4a1927fc00e065
                                                                                                              • Instruction ID: a105291be3db7b1bda1879d0e2cec8b98a33a3165e69b545def7be114ebd62bd
                                                                                                              • Opcode Fuzzy Hash: 1cee3322983e2cde606a7d0ab2c2d3f8849a10a3cd059d8d9c4a1927fc00e065
                                                                                                              • Instruction Fuzzy Hash: DC21A4B4A04214CBDF188FA9D8807BFBBF5FB48714F04453EE556CB281E278ED428651
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9646E Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 428610e83d59b4301a50cae954847c6bfaa6092fe09f487ed703b398e4dcf109
                                                                                                              • Instruction ID: 45c4f94369e56fb6736c0926c93960571772c2f6ba4edd5cf112e56f4100f973
                                                                                                              • Opcode Fuzzy Hash: 428610e83d59b4301a50cae954847c6bfaa6092fe09f487ed703b398e4dcf109
                                                                                                              • Instruction Fuzzy Hash: FF21CFB0A08115CBDB409FA9CA442BAF7F1FB40B40F008536E569DA289E334FD50DB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93CE0 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 48bfcb8354b1a411975ac4b39c59d8b12f06d4b21a735e54bf7fe130eb68b7fb
                                                                                                              • Instruction ID: 18dc41b8614f5949cec91f97f3eb0b1c4e8b7e22570d91c55437906e94b0491a
                                                                                                              • Opcode Fuzzy Hash: 48bfcb8354b1a411975ac4b39c59d8b12f06d4b21a735e54bf7fe130eb68b7fb
                                                                                                              • Instruction Fuzzy Hash: 4A21A231B04615CBDF108B69D8603BAB6E5FF49721F0CC137E9A6DA290E378FC458692
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90DFB Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2da0fe6739b37c55b41ed68c0313fcd4daa5a9618d446dafda4c48ec0ffc5018
                                                                                                              • Instruction ID: 4e64efa78884c620941bd522f2762ded5d74dbcc32d9346398c3918893e4ce42
                                                                                                              • Opcode Fuzzy Hash: 2da0fe6739b37c55b41ed68c0313fcd4daa5a9618d446dafda4c48ec0ffc5018
                                                                                                              • Instruction Fuzzy Hash: 3231E3B0D012199FDB21DF99D984B8EBFF5FB48314F14801AE408BB240C7B56845CF91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93CD1 Relevance: .1, Instructions: 67COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7bc73c6d135f2804a5d3fa8230173ce4a01abcf6d0b51dccaf0445435e11d601
                                                                                                              • Instruction ID: 47b5ddbfc885268d9cc7ac98606711d1eb2a21bf82080d40b33ab47ef2b154e5
                                                                                                              • Opcode Fuzzy Hash: 7bc73c6d135f2804a5d3fa8230173ce4a01abcf6d0b51dccaf0445435e11d601
                                                                                                              • Instruction Fuzzy Hash: 1211D631B081148BDB108B68D8612FAB7F1FF49725F0D8177E856DB191D378ED458291
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93E00 Relevance: .1, Instructions: 66COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3ea03494ea00a70386bb013dc32a60c1948a065bb5872ca7c734d62f904488e5
                                                                                                              • Instruction ID: e377753cd613fe1cfb1f1ba858861e6d4354d55220171342ee646d2d1915eac0
                                                                                                              • Opcode Fuzzy Hash: 3ea03494ea00a70386bb013dc32a60c1948a065bb5872ca7c734d62f904488e5
                                                                                                              • Instruction Fuzzy Hash: 23210870A083C59FC7015B74881467A7FF2EF8A700F1186AAE585EB3D2EB386C15CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90E00 Relevance: .1, Instructions: 64COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b3d529253d62e06eac37c4f92cc78fcf00a79bf500859cbb1639b69367686352
                                                                                                              • Instruction ID: d6376c8b553048466471999a0e7c6b0faf5c40fc26c5d11a1f269c00d13187c0
                                                                                                              • Opcode Fuzzy Hash: b3d529253d62e06eac37c4f92cc78fcf00a79bf500859cbb1639b69367686352
                                                                                                              • Instruction Fuzzy Hash: 0521DFB0D01219DFDB21DF99D988B8EBFF5BB48314F24801AE408BB290C7B56845CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 024DD005 Relevance: .1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687686160.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_24dd000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7aaf156e078193598cecd4eccde1be3a6328e34661a28478a038a2f71e5d33d9
                                                                                                              • Instruction ID: df23d612772d133e1dfa48d69ff6dee010c9506de7188c0debd30921983bc87f
                                                                                                              • Opcode Fuzzy Hash: 7aaf156e078193598cecd4eccde1be3a6328e34661a28478a038a2f71e5d33d9
                                                                                                              • Instruction Fuzzy Hash: 04217175508380DFCB07CF24D994712BF71EB86214F28C5DAD8498F2A7C33A980ACB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9C048 Relevance: .1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2c2c69f838b829d96c1ef462069670ed1e734602f291b2e3d7d57abc3a0e9b3f
                                                                                                              • Instruction ID: 93e6215cfab6d03025e4d7cdb041475106e58a90d9511bb276ea8575e3085a9b
                                                                                                              • Opcode Fuzzy Hash: 2c2c69f838b829d96c1ef462069670ed1e734602f291b2e3d7d57abc3a0e9b3f
                                                                                                              • Instruction Fuzzy Hash: 2C21AFB4A00A08DFD704DF5AE094999BFF1FF88310F5281D5D848AB365E731E9A0CB01
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90C4B Relevance: .1, Instructions: 57COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f5ef6604630147426a6829dd12b486f91d77c165437f89f92c43e48f481a9cb4
                                                                                                              • Instruction ID: e55367e8f1a3e5631efc04bf6e681ebe09ff133beccbda30b0dcf2372793d294
                                                                                                              • Opcode Fuzzy Hash: f5ef6604630147426a6829dd12b486f91d77c165437f89f92c43e48f481a9cb4
                                                                                                              • Instruction Fuzzy Hash: F901A175A0021A5B9B15DE79A8445BFB7F7FBC52607244528E429E7380EF309E0A87A0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D976CC Relevance: .1, Instructions: 56COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 96b5df6d36d6d429ea9c1009ab5aaf77d8b0cb20f5914e461f3d202b68a9eb99
                                                                                                              • Instruction ID: 3319e5895311dfe22faaf36d7d15d4f336b4acb4c30e083e30b99de10cc6a93f
                                                                                                              • Opcode Fuzzy Hash: 96b5df6d36d6d429ea9c1009ab5aaf77d8b0cb20f5914e461f3d202b68a9eb99
                                                                                                              • Instruction Fuzzy Hash: 702100B59003499FCB50CF9AC888BDEBBF4FB48320F10841AE919A7340D375AA54CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9E56A Relevance: .1, Instructions: 54COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8f3d7bfd01cd15aaf3d606eddecb6890137d94e4691a4669389ad10430103544
                                                                                                              • Instruction ID: e8785a6e3c77a805a48f922d54805bfeead93d663c04ad860562d8e937a5b8b9
                                                                                                              • Opcode Fuzzy Hash: 8f3d7bfd01cd15aaf3d606eddecb6890137d94e4691a4669389ad10430103544
                                                                                                              • Instruction Fuzzy Hash: E62103B69003099FCB10CF9AC985BDEBBF4FB48310F10841AE919A3200D374A954CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 024DD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687686160.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_24dd000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                              • Instruction ID: ec98a457ed8cb276221c080fc6c1183a9487ac40b5be4a65eae9122142d5f69a
                                                                                                              • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                              • Instruction Fuzzy Hash: EB11BB76904280DFCB02CF10C5D4B16BBB2FB84224F24C6AED8494F796C33AD40ACB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F293 Relevance: .1, Instructions: 53COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9344c50868bf5bfcd8ec0606051227fc2755dfd6db089323493b6fae2c64a239
                                                                                                              • Instruction ID: bafcadd3924a92218d0f8eaae63ca444a892444cd9e72f181e475605bda81392
                                                                                                              • Opcode Fuzzy Hash: 9344c50868bf5bfcd8ec0606051227fc2755dfd6db089323493b6fae2c64a239
                                                                                                              • Instruction Fuzzy Hash: FD118BA4B04510CBDF288BA9C8407BEB7E5EB48715F44453EA196CE280F6B8ED829255
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D93DFE Relevance: .1, Instructions: 51COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 450bd5b4088fb21ccff58149f23562da5988d51646746dafb1c75696927c9d07
                                                                                                              • Instruction ID: 3fb00fd62ff90560ca04ccfedbca5e5c430beed16344b0041b3ff1858e37dc0a
                                                                                                              • Opcode Fuzzy Hash: 450bd5b4088fb21ccff58149f23562da5988d51646746dafb1c75696927c9d07
                                                                                                              • Instruction Fuzzy Hash: 70112B71F00259ABDB446FB5981567E77F2FB8C711F008625E905EB3C0E7346D418B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D91656 Relevance: .0, Instructions: 45COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b9aec412d6563fa4ae66260a8914bfb25eef39353d0adecafeace134f5c4eebd
                                                                                                              • Instruction ID: e302351f4c95b9395bd776f61aced07ecdf1db3288e619abff453ea4c75d4928
                                                                                                              • Opcode Fuzzy Hash: b9aec412d6563fa4ae66260a8914bfb25eef39353d0adecafeace134f5c4eebd
                                                                                                              • Instruction Fuzzy Hash: AA1100B59003498FDB20EF9AD489BDEFBF4EB48320F24841AD959A7340C775A944CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D91658 Relevance: .0, Instructions: 44COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e89d820210a5ee563022d52734a072a8cefc83958c41d9e27928d4b6d9c724c3
                                                                                                              • Instruction ID: b581ba86113818ce24ffbc54b6aa1da972ebb6290e15ba39689ffeb3bc3293d6
                                                                                                              • Opcode Fuzzy Hash: e89d820210a5ee563022d52734a072a8cefc83958c41d9e27928d4b6d9c724c3
                                                                                                              • Instruction Fuzzy Hash: 171100B59003498FDB20EF9AD449B9EFBF4EB48320F24841AD559A7340C774A944CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9A0B8 Relevance: .0, Instructions: 38COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4b727bd0612ec40beea984ca86aded43435e3d4dfdbdd69f5a187b0ff1711903
                                                                                                              • Instruction ID: 3f1f24534ab3e10b5cc361b4c23c49ab82b2adf955b2fa6d4890cc159f299abd
                                                                                                              • Opcode Fuzzy Hash: 4b727bd0612ec40beea984ca86aded43435e3d4dfdbdd69f5a187b0ff1711903
                                                                                                              • Instruction Fuzzy Hash: A10196B5E01108AFDB44DFA9D598A9DBFF1EF48310F15C0A4E9089B365E6349941DF40
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D934B1 Relevance: .0, Instructions: 37COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b18472c77ce235c84f4cd83a0b8b4ebac7f8831aaa84c2d9a90c431503ed8452
                                                                                                              • Instruction ID: ebb3762ee110846451d27c7626faebeedc7c4defdc82f92009e42a8b2ea713f3
                                                                                                              • Opcode Fuzzy Hash: b18472c77ce235c84f4cd83a0b8b4ebac7f8831aaa84c2d9a90c431503ed8452
                                                                                                              • Instruction Fuzzy Hash: 91F02B713047205FD705AB29EC904CEBF66FFD4321B04C966E4094B393DE205D4687E0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F878 Relevance: .0, Instructions: 37COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 175dc67c4c34d455c87827ec01fe76d56ded1a1335ab79a536433212abe2d822
                                                                                                              • Instruction ID: 1ea8119869a2d9a6169013e79ecc1e8415a33ad4fc9d4fb71f500ed172f04ef1
                                                                                                              • Opcode Fuzzy Hash: 175dc67c4c34d455c87827ec01fe76d56ded1a1335ab79a536433212abe2d822
                                                                                                              • Instruction Fuzzy Hash: A8F0A4B0E0420A9FEB54DFA9D8466AEBBF0FB08700F258569D954E7201E7749A478FD0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9E49A Relevance: .0, Instructions: 36COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8ed50e443a4dd225360f359dbabcba1ff5b01d7707ac6f33479ebaeb80d841a9
                                                                                                              • Instruction ID: a10b49ff2b46bfe4ba2f20ce84120980643d2e74940bdfcddafd8d11234a28b8
                                                                                                              • Opcode Fuzzy Hash: 8ed50e443a4dd225360f359dbabcba1ff5b01d7707ac6f33479ebaeb80d841a9
                                                                                                              • Instruction Fuzzy Hash: 47F0C272B04104AFEB05EF58E84199DBBFBEBC4354704C066E408C7225DA30DD158B60
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9E4A8 Relevance: .0, Instructions: 35COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 125c47dada9b6f3aec87f0125208a101a65383a11530d90036b2b6d4ec05c1a9
                                                                                                              • Instruction ID: b13ec80ab0d4175ac16246266e9cad9ef15f3137d5cab41de986bfaffe2a2a98
                                                                                                              • Opcode Fuzzy Hash: 125c47dada9b6f3aec87f0125208a101a65383a11530d90036b2b6d4ec05c1a9
                                                                                                              • Instruction Fuzzy Hash: 91F05472B00108AF9F05EF5ADC40D9EBBFAEFC4254704C166E518D7214DA31ED108BA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9A0C8 Relevance: .0, Instructions: 34COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 780d26e5d4ceef3e30291056ed12363fa3e72a1ab16f43786ea12869763e734c
                                                                                                              • Instruction ID: b393e9d2b9378b05fc800ed2b84ea93944a54baf6bd08e1a85ac810505642c25
                                                                                                              • Opcode Fuzzy Hash: 780d26e5d4ceef3e30291056ed12363fa3e72a1ab16f43786ea12869763e734c
                                                                                                              • Instruction Fuzzy Hash: DA015475A01208AFDB44DFA9D598A9DBBF1EF88310F55C095A8089B365D6349940DB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D934C0 Relevance: .0, Instructions: 30COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8df4341bccefb98d2d413326e68e288fcda4c364e3a3d902cb2e3b8b00b2547d
                                                                                                              • Instruction ID: 007a8be0a7fc9587388cb8dafe40eb1f35772caead21fd24abb869c92f4a47db
                                                                                                              • Opcode Fuzzy Hash: 8df4341bccefb98d2d413326e68e288fcda4c364e3a3d902cb2e3b8b00b2547d
                                                                                                              • Instruction Fuzzy Hash: 40F0A7713006249BDB05AA29E85489FBB9AFFD4321B108915E4094B355DE305D4586E0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F888 Relevance: .0, Instructions: 29COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0467f1b840a5ddf7e03b5da6097b0188ef4639305c575925bba7767044c05dc
                                                                                                              • Instruction ID: 87efed1389c110d87d6a26a78a206dda2e2434ee4633a23faec0b404bdebb394
                                                                                                              • Opcode Fuzzy Hash: a0467f1b840a5ddf7e03b5da6097b0188ef4639305c575925bba7767044c05dc
                                                                                                              • Instruction Fuzzy Hash: 19F0DAB0E0430A9FDB44DFA9C841AAEBBF4FB48300F1085AAD918E7300E77499408FD0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F421 Relevance: .0, Instructions: 28COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d8836244680dbbda6cbfeefb07cd235071d25eb28fcb80ebc4ff585b7186a30
                                                                                                              • Instruction ID: 325fe9632e0d440d78203c8ba07584cc6b5b4b01d1d976cb5ed3fae10b5d1eec
                                                                                                              • Opcode Fuzzy Hash: 8d8836244680dbbda6cbfeefb07cd235071d25eb28fcb80ebc4ff585b7186a30
                                                                                                              • Instruction Fuzzy Hash: DEE0C9709402099FE740DF78C98A69DBFF0EB08A40F21C469C065D7311E774DA078F81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90F0B Relevance: .0, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e1e6b78015351c247ecf3c51d5bd22f861970c260bf8083cdaf7a8eaafa1573a
                                                                                                              • Instruction ID: df05098198c4d27d741c017e466a15b261373655fe2283f1eafaf70424290405
                                                                                                              • Opcode Fuzzy Hash: e1e6b78015351c247ecf3c51d5bd22f861970c260bf8083cdaf7a8eaafa1573a
                                                                                                              • Instruction Fuzzy Hash: CAE08671E01219EFCB00EFA4F84149CBBB6EB45305B10C598E80897388EB365F01DB60
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D948F8 Relevance: .0, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b0e7017fb0cf79a4eb63937d11e861c64fa55560890d9ce745f4f6049d8c0993
                                                                                                              • Instruction ID: afc33f3e49e586d5f6eb5b91bb0c76b754d85dc7651f39a26f093ab2529ecddf
                                                                                                              • Opcode Fuzzy Hash: b0e7017fb0cf79a4eb63937d11e861c64fa55560890d9ce745f4f6049d8c0993
                                                                                                              • Instruction Fuzzy Hash: 72E048F160D3949FDF028B2448A03553BA1BB43641F5644FDC882CB1D3DB25AD46D793
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D90F10 Relevance: .0, Instructions: 19COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 37617e8012992332943cdf2c303527326e2b26a804ae120e217c56f48cbfacd9
                                                                                                              • Instruction ID: c45f1311f1e15c07852a946d10c662d4044769fbc1f1cadd7649522827acbd77
                                                                                                              • Opcode Fuzzy Hash: 37617e8012992332943cdf2c303527326e2b26a804ae120e217c56f48cbfacd9
                                                                                                              • Instruction Fuzzy Hash: ECE0E671A01319EFCB01EFA4E94145DBBB9EB45315B10C599E90997388EB366F00DB71
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F430 Relevance: .0, Instructions: 18COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e357240a4100285f79f5cc7f923e82cc2df1840d6173f6a833d9c8d3807f4c5a
                                                                                                              • Instruction ID: 939cb707ef6ab5725b3a89327dba9667763a7415c7246b43f4ea0ffe7dac90c8
                                                                                                              • Opcode Fuzzy Hash: e357240a4100285f79f5cc7f923e82cc2df1840d6173f6a833d9c8d3807f4c5a
                                                                                                              • Instruction Fuzzy Hash: 7FE0B6B0D40209DFDB40EFB9C945A5EBBF0BF08604F11C5A9D019E7311E7B49A058F91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D990DC Relevance: .0, Instructions: 18COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7b2d923abe0fa214457183d5148937003bfb5afa6d12823426010c8c4af3415b
                                                                                                              • Instruction ID: 802e695d88ab7931cacd23f6ca6010f9f1048b84a6db1f69e2aa4fc5b00d740d
                                                                                                              • Opcode Fuzzy Hash: 7b2d923abe0fa214457183d5148937003bfb5afa6d12823426010c8c4af3415b
                                                                                                              • Instruction Fuzzy Hash: 66E04FB5616344CFCB64DB60C0509587BB1FF45355B10109DE0079B764D735EC81CE00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D96430 Relevance: .0, Instructions: 16COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2d0220819bdeab6414b20176c26b7d20c53d6e06a949251471df497e940b6051
                                                                                                              • Instruction ID: a53f30c49db41ca2d240fa1d9ac36ee026721ec78ccce514c9913a07eb36940c
                                                                                                              • Opcode Fuzzy Hash: 2d0220819bdeab6414b20176c26b7d20c53d6e06a949251471df497e940b6051
                                                                                                              • Instruction Fuzzy Hash: DFD0A98021C3940FD302877854390923FA2FF86301BA680DAC4408A29BD6280E23C323
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D99064 Relevance: .0, Instructions: 16COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bd2c11a31fca08d5e7e56c284ed205c96a6558391e9f8ee26534155409fa8037
                                                                                                              • Instruction ID: 92054164317836bcf1e3f713e59ee41accc903167049148a66aa254c9b20059d
                                                                                                              • Opcode Fuzzy Hash: bd2c11a31fca08d5e7e56c284ed205c96a6558391e9f8ee26534155409fa8037
                                                                                                              • Instruction Fuzzy Hash: F1E08C74912344CFCB64DFA0C464A89BB70FF45340B1010A9D816CF369E33A9D82CF10
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D995A3 Relevance: .0, Instructions: 15COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 678b316976c565b7e69f991cb2e4fa98faf5ddf0dff1286a38a84bcae4d1a805
                                                                                                              • Instruction ID: 92fb59446dfef79a2fc68daed2e898a09ee48ff634c54079fecd9aa8ab73ee38
                                                                                                              • Opcode Fuzzy Hash: 678b316976c565b7e69f991cb2e4fa98faf5ddf0dff1286a38a84bcae4d1a805
                                                                                                              • Instruction Fuzzy Hash: 14E0C2B0C562A8DFCBA8CF65C9947DEBBB0AB08340F0008C9818AA7250E6315AA0CF04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D968A0 Relevance: .0, Instructions: 13COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: da2067b8b4c4a1831b9b3649d995b66e2cd3cc13b70325c62b99c1215447aed3
                                                                                                              • Instruction ID: e674ad50dfb2f3a80ea78103d6df4e59be1e4119b09623e0d47b8b361de8c58c
                                                                                                              • Opcode Fuzzy Hash: da2067b8b4c4a1831b9b3649d995b66e2cd3cc13b70325c62b99c1215447aed3
                                                                                                              • Instruction Fuzzy Hash: 4BC080714013189BD710DFB4D418755B7FCE706321F404095D808C3240F7755C40D7A5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D96F0D Relevance: .0, Instructions: 12COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dc9e0f0ed39bb1e34c879e283f5bc3b88adbced3e3b9101f01fa804865fb379b
                                                                                                              • Instruction ID: b700529efe3f1733f749d0f38257be7398f484546323e183d1d2b55cd0619474
                                                                                                              • Opcode Fuzzy Hash: dc9e0f0ed39bb1e34c879e283f5bc3b88adbced3e3b9101f01fa804865fb379b
                                                                                                              • Instruction Fuzzy Hash: 49D01270901119CFCB94DF28D880B9CB7F6EB44200F10D999D409D3228DA705E85CF04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9765C Relevance: .0, Instructions: 8COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7a7db6ff5c5999729e4da38a78de1d79473edeb04ec181879ca3e29e5b71ea30
                                                                                                              • Instruction ID: 13c374bfec17969da3ba3a8f30cf74ff4331000d03a419dc6ddffdbbbf665f5e
                                                                                                              • Opcode Fuzzy Hash: 7a7db6ff5c5999729e4da38a78de1d79473edeb04ec181879ca3e29e5b71ea30
                                                                                                              • Instruction Fuzzy Hash: E1B092A9279300E17A00A2684884A2A5A91EBA2708B408C06A288A00908420E8A4A22B
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              Function 04D94318 Relevance: 5.3, Strings: 4, Instructions: 346COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq$LRdq$$dq$$dq
                                                                                                              • API String ID: 0-340319088
                                                                                                              • Opcode ID: 69f4b8fea574b597eb8358887b239498f31db0a06cb941a5e32f234e6584bfea
                                                                                                              • Instruction ID: 0e761851084911835ef1e18669f62c6bf67d32fc44305e912e9d4aae358a090d
                                                                                                              • Opcode Fuzzy Hash: 69f4b8fea574b597eb8358887b239498f31db0a06cb941a5e32f234e6584bfea
                                                                                                              • Instruction Fuzzy Hash: 06E17D70A08219DFCB14CFA9C540AAEBBF2FF49301F158556E495EB256DB34EC42CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98068 Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 7Z/t$RWIK$[[bb
                                                                                                              • API String ID: 0-1157992699
                                                                                                              • Opcode ID: 6ab96cb0940f6b009f6f5c3dfa954d9113db831174a4728affa646e3bc70d15e
                                                                                                              • Instruction ID: 325300bbf67978865311368b0419e43d7616bb7f19bd426235806f7f86fdb9b4
                                                                                                              • Opcode Fuzzy Hash: 6ab96cb0940f6b009f6f5c3dfa954d9113db831174a4728affa646e3bc70d15e
                                                                                                              • Instruction Fuzzy Hash: 73512970E156099FCB08CFAAC5405AEFBF2FF89340F24D42AE459E7254D7349A429FA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98078 Relevance: 3.9, Strings: 3, Instructions: 155COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 7Z/t$RWIK$[[bb
                                                                                                              • API String ID: 0-1157992699
                                                                                                              • Opcode ID: 341eadd49a8a2adac9b003d5848359a57539ebf10625d4fdcc31e2ad07ad75d5
                                                                                                              • Instruction ID: c4cd34a08aaa0c383fc0e10daeeac37dc36d98f12295fea9ed3190d1bd3a46ea
                                                                                                              • Opcode Fuzzy Hash: 341eadd49a8a2adac9b003d5848359a57539ebf10625d4fdcc31e2ad07ad75d5
                                                                                                              • Instruction Fuzzy Hash: D3510770E156099FCB08CFAAC5405AEFBF2BB89340F24D42AE459E7254E7349A419FA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9FAC0 Relevance: 2.8, Strings: 2, Instructions: 253COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: T+-q$]\`
                                                                                                              • API String ID: 0-4115924400
                                                                                                              • Opcode ID: 79396b4c99a49cce6a7c0768fc9d72c5a61ef464ba255f4e5f048270e5162481
                                                                                                              • Instruction ID: da9ed83c80dc87c03d0d30977538e2ddcd6e98b4c74314dfbe482ec771eafc04
                                                                                                              • Opcode Fuzzy Hash: 79396b4c99a49cce6a7c0768fc9d72c5a61ef464ba255f4e5f048270e5162481
                                                                                                              • Instruction Fuzzy Hash: AEB1E470E152199BCB04CFAAD99089EFBF2FF89310F14D52AD419FB258E730A9018F58
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D968D8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 0
                                                                                                              • API String ID: 0-4108050209
                                                                                                              • Opcode ID: 57d3d2cd880fa4e6afe7dee31c11be5f8c02919ea63b6daabfae0d05cca32efd
                                                                                                              • Instruction ID: 3929d0f71d63f93f0073abdd2a0ec4344cc80c3e2e06fa9540772c0ab7b30a17
                                                                                                              • Opcode Fuzzy Hash: 57d3d2cd880fa4e6afe7dee31c11be5f8c02919ea63b6daabfae0d05cca32efd
                                                                                                              • Instruction Fuzzy Hash: 3421F871E006189BEB58CFABD85079EFBF3AFC9300F14C0BAD418A6224EB345A418F51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D968C9 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 0
                                                                                                              • API String ID: 0-4108050209
                                                                                                              • Opcode ID: 4278a97d3db0cbf0f90e29907b83f3b761868533f85a192be8411498da625a90
                                                                                                              • Instruction ID: 05625bcb5ba7b4471b0c68265e94bfa5be7f464ef99bd59ddc7d3c2d58c110c2
                                                                                                              • Opcode Fuzzy Hash: 4278a97d3db0cbf0f90e29907b83f3b761868533f85a192be8411498da625a90
                                                                                                              • Instruction Fuzzy Hash: 6E21EDB1E056189BEB58CFABD85079EFBF3AFC9300F14C07AD418A6254EB345A458F51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259D538 Relevance: .4, Instructions: 377COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ff67de3c5315d19ee025f79aed7dcbc41e717acef8644ad663bd1256841fdc8c
                                                                                                              • Instruction ID: f9157c0d499d6675f9bd6f02e27272fcb0f1fc762af10afd1207084a2771a292
                                                                                                              • Opcode Fuzzy Hash: ff67de3c5315d19ee025f79aed7dcbc41e717acef8644ad663bd1256841fdc8c
                                                                                                              • Instruction Fuzzy Hash: 62D1B971B022158FDB19EB75C510BAEBBF7BF8A304F14886AD0099B2D0CB35E905CB55
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04CC0040 Relevance: .3, Instructions: 315COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1694953785.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4cc0000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 88e1e350534e363da1f49186a7b4ebadda33125da500c41ef23e9b86e90bd8b7
                                                                                                              • Instruction ID: 04d57ed138666ad4944fb4ecb8a7f51e584a4407e80f36ad867d5d943c0b4b1e
                                                                                                              • Opcode Fuzzy Hash: 88e1e350534e363da1f49186a7b4ebadda33125da500c41ef23e9b86e90bd8b7
                                                                                                              • Instruction Fuzzy Hash: EF1295B0C81746CAD310CF65F94C18D7BB1FB89318BD06A09D2622B2E5DBB415EACF48
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 025970D0 Relevance: .3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 46e8d237d612198af122f0da6e2c595e6d2e9e8b390f871a2d8814aea6cb4c9d
                                                                                                              • Instruction ID: 025bf6dde11297a520b2214b78112a40bf7e904fbba19cffa15b680474b6a458
                                                                                                              • Opcode Fuzzy Hash: 46e8d237d612198af122f0da6e2c595e6d2e9e8b390f871a2d8814aea6cb4c9d
                                                                                                              • Instruction Fuzzy Hash: 9BE10BB4E101598FCB14DFA9C5809AEFBB2FF89304F24C16AE815AB359D730A941CF65
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02596428 Relevance: .3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 17116f53f768eb5e864db6a6eeaf424486bc4d37aae2a3007ee0c7a882d9269e
                                                                                                              • Instruction ID: cbceb00b7a1701189c5790904e57975f74a5ba54dc8b408310b0523cd211229a
                                                                                                              • Opcode Fuzzy Hash: 17116f53f768eb5e864db6a6eeaf424486bc4d37aae2a3007ee0c7a882d9269e
                                                                                                              • Instruction Fuzzy Hash: 0AE1F674E001598FCB14DFA9C590AAEFBF2FF89304F248169E815AB359D730A945CFA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02596860 Relevance: .3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 448e6eee34bd9a8cc8205bd83d397ce2bcb9a9e2b25e06a663172499afb659a9
                                                                                                              • Instruction ID: b52f1e5c4d3904e8921fa2e4f035b21c8174865b9c54f512829cfc6dc3861465
                                                                                                              • Opcode Fuzzy Hash: 448e6eee34bd9a8cc8205bd83d397ce2bcb9a9e2b25e06a663172499afb659a9
                                                                                                              • Instruction Fuzzy Hash: 3FE10774E002598FCB14DFA8C590AAEFBB2FF89304F24C169E815AB359D734A945CF64
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02596C98 Relevance: .3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c0134dc354ad954874f009f1e50ae457d3d047569a1cbf3ea55411572bbea7a2
                                                                                                              • Instruction ID: a813c3b878a266b15f1ad5b0b5cc6e2047aa7d2d4815454fb19753a8cf62b633
                                                                                                              • Opcode Fuzzy Hash: c0134dc354ad954874f009f1e50ae457d3d047569a1cbf3ea55411572bbea7a2
                                                                                                              • Instruction Fuzzy Hash: A1E11974E002598FCB14DFA9C590AAEFBB6FF89304F24C169E414AB359D731A941CFA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02598D98 Relevance: .3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 829f83c65436a236cc365f760dbc565662c2341d848e94f08dced678a5fe65ab
                                                                                                              • Instruction ID: ed46cb84b8d36e1e5c932623f727f7d2ab356463ffba7cee2837dbbcd5f82563
                                                                                                              • Opcode Fuzzy Hash: 829f83c65436a236cc365f760dbc565662c2341d848e94f08dced678a5fe65ab
                                                                                                              • Instruction Fuzzy Hash: 58E11874E002198FCB14DFA9C584AAEFBB2FF89304F24C169E414AB359D730A941CFA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D91B4F Relevance: .3, Instructions: 270COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d84bda8805e7a4370e94af3f9e1d54f78aa64d8823a4c535e7068fa83f70e0ed
                                                                                                              • Instruction ID: ddf723c1f944a545c84d2efadc9d6c7e6952f9d1a7b3b20d6157063f51ef6d68
                                                                                                              • Opcode Fuzzy Hash: d84bda8805e7a4370e94af3f9e1d54f78aa64d8823a4c535e7068fa83f70e0ed
                                                                                                              • Instruction Fuzzy Hash: C0D10731910B6A9ACB00EFA4D9946D9B7B1FF95300F21CB9AE50937254FF706AC4CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0252DC74 Relevance: .3, Instructions: 264COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687884997.0000000002520000.00000040.00000800.00020000.00000000.sdmp, Offset: 02520000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2520000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5af49bab9f3d05ca4e64550da99727169a3c6abd5c95b17ec55f20a623ce5e9a
                                                                                                              • Instruction ID: 688f2d950280c03a70f354ce0415721550b2f024497f7caceec03451031d9915
                                                                                                              • Opcode Fuzzy Hash: 5af49bab9f3d05ca4e64550da99727169a3c6abd5c95b17ec55f20a623ce5e9a
                                                                                                              • Instruction Fuzzy Hash: D1A16E32E006268FCF05DFB4D8405DEBBB2FF86304B15456AE806AB2A5DB71D959CF80
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D91B60 Relevance: .3, Instructions: 264COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4fdc74d3be1293258ccbd3f3419f5d1fea5a7813b946c3e91103c99f61ea0397
                                                                                                              • Instruction ID: 5d67450e834bd841f6b8dab1e95dc801714badedd937af659f9e26e72735feb8
                                                                                                              • Opcode Fuzzy Hash: 4fdc74d3be1293258ccbd3f3419f5d1fea5a7813b946c3e91103c99f61ea0397
                                                                                                              • Instruction Fuzzy Hash: 06D1F631910B6A9ACB00EFA4D994699B7B1FFD5300F21CB9AE50937254FF706AC4CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04CC0007 Relevance: .2, Instructions: 238COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1694953785.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4cc0000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9ace8e7a2b8cef5f2cb7b9cbeaa1292f7a765dfba3098106e3dd6a0092be4d97
                                                                                                              • Instruction ID: ec0fd3f2415864756e9ce9669303b5dc134a1775273fb242db464f08c00a4368
                                                                                                              • Opcode Fuzzy Hash: 9ace8e7a2b8cef5f2cb7b9cbeaa1292f7a765dfba3098106e3dd6a0092be4d97
                                                                                                              • Instruction Fuzzy Hash: 99C108B0C81746CFD710CF65E84818D7BB1FB89328F946A09D1626B2E1DBB415EACF48
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9A830 Relevance: .2, Instructions: 184COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 149d7895dcdc8cd679b63849ae03e7c0d67a3338539a5eaa2f8cd34b546a8b5b
                                                                                                              • Instruction ID: dc7a486480abbdadbcb275fa5e65cdb6e135154c3bd72fca06236f82b37db7a5
                                                                                                              • Opcode Fuzzy Hash: 149d7895dcdc8cd679b63849ae03e7c0d67a3338539a5eaa2f8cd34b546a8b5b
                                                                                                              • Instruction Fuzzy Hash: 9381CE75E10259CFCB44CFAAC5849AEBBF2FF88250B14955AE415AB320E334AE42DF54
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9A820 Relevance: .2, Instructions: 183COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c981c0a414eeb3bd1c2337323307f28b5a4f76e524154ac84515f3479b6732d9
                                                                                                              • Instruction ID: d77db0227100e6cb60e94e4efe48b84d7195666362f71e5493f608e3146e6b09
                                                                                                              • Opcode Fuzzy Hash: c981c0a414eeb3bd1c2337323307f28b5a4f76e524154ac84515f3479b6732d9
                                                                                                              • Instruction Fuzzy Hash: F981C075E11259CFCB44CFA9C5849AEBBF2FF88250B14956AE415EB320E334AE42CF54
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 025958D8 Relevance: .2, Instructions: 180COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 93a7d62f783901d9ff7c0a5b5fdaddd9dd8a2bd5e455541a2627db1f85571253
                                                                                                              • Instruction ID: 649d478ef7f6370459082d39004d9ae9dc7001020d43479cf29a04bcbe247163
                                                                                                              • Opcode Fuzzy Hash: 93a7d62f783901d9ff7c0a5b5fdaddd9dd8a2bd5e455541a2627db1f85571253
                                                                                                              • Instruction Fuzzy Hash: 83617874E09209CFDF06CFAAD4806EDBBB9BF89320F54D466D819A7251E7304922CF58
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98540 Relevance: .2, Instructions: 171COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b7409b80580af7bb613196ddef8080dbc81f70b15196190522ccd70577ff786b
                                                                                                              • Instruction ID: 6b1daebe840db5da2ca61b126565efecf05dc1602c369d4711a7c7530949932f
                                                                                                              • Opcode Fuzzy Hash: b7409b80580af7bb613196ddef8080dbc81f70b15196190522ccd70577ff786b
                                                                                                              • Instruction Fuzzy Hash: 397122B5E11209DBCB84DF99D4849AEFBF2FB89310F14842AE415EB354D334AA45DFA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D98532 Relevance: .2, Instructions: 168COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4386d08d75921e52c011b8890efc9c5033f34ebf37c2f4eb42582f475c4ad80c
                                                                                                              • Instruction ID: 690d4833a6d9df7e057c0ce439bc9a3931ac67d74bd63ae28e8ac6babbca1217
                                                                                                              • Opcode Fuzzy Hash: 4386d08d75921e52c011b8890efc9c5033f34ebf37c2f4eb42582f475c4ad80c
                                                                                                              • Instruction Fuzzy Hash: 2C612475E152099FCB84DF99D4849AEFBF2FB89310F14842AE405EB254D334EA86DF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9BC91 Relevance: .2, Instructions: 160COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fbc0420f44441cc7734a0ddcfd777777c689e12b59070d9a98a306ecd1153c43
                                                                                                              • Instruction ID: 759f5c3be1bde8c20e36a3b1d4ebab34bc31901cdd4e598a38336812a5c3250d
                                                                                                              • Opcode Fuzzy Hash: fbc0420f44441cc7734a0ddcfd777777c689e12b59070d9a98a306ecd1153c43
                                                                                                              • Instruction Fuzzy Hash: E461A074A15609EBDB04CFA2F1A5159BFB1FBC8300F2194D6C086DB254EB39AE65DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9B6D9 Relevance: .2, Instructions: 153COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 74ae643bd5117f049ffb0bfbace9e96636faa4c7f029ac0993952d6c698d069a
                                                                                                              • Instruction ID: 8d01ac991edcb6576ff6c9b22e178ac5c375bf8dd78c8584cbae24582df9c53d
                                                                                                              • Opcode Fuzzy Hash: 74ae643bd5117f049ffb0bfbace9e96636faa4c7f029ac0993952d6c698d069a
                                                                                                              • Instruction Fuzzy Hash: 4451F475E0520A9FCF04CFA9D5819AEFBF2FF88300F158566D455E7200E734AA428F91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9B6E8 Relevance: .2, Instructions: 153COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 53463927d98fc8e8085e527daafbe35e2af0a78cada7757da80148c9892a5a30
                                                                                                              • Instruction ID: 6c9fc8c2aeeb648c59f80271cb6338bb0a0bd75c01cf4b2490a6f2d548f0835b
                                                                                                              • Opcode Fuzzy Hash: 53463927d98fc8e8085e527daafbe35e2af0a78cada7757da80148c9892a5a30
                                                                                                              • Instruction Fuzzy Hash: BB61E475E0520ADFCF04CFAAD5815AEFBF2FB49300F15855AD455AB300E734AA428F91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02596409 Relevance: .1, Instructions: 148COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5680d24ef01bc5d57f926606c8843694f33263da66ce9024a9266aa932d68fa4
                                                                                                              • Instruction ID: 041d99953c6314bbf3789ef79ed79c2a8656cbdc3b2433b0921914e65b395675
                                                                                                              • Opcode Fuzzy Hash: 5680d24ef01bc5d57f926606c8843694f33263da66ce9024a9266aa932d68fa4
                                                                                                              • Instruction Fuzzy Hash: A0516EB0D002598FCB14CFA9C5905AEFBF6BF89314F24C1AAD418AB35AD7359946CF60
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9D940 Relevance: .1, Instructions: 148COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 51654a72b17bbfb272b8ac31b47c73f70a289dd9a56f27188ee23da9d7bd6829
                                                                                                              • Instruction ID: 19503ba63a5108f70959d70e1c2f5c4ea79b801f49c0dca4a477713595cd658a
                                                                                                              • Opcode Fuzzy Hash: 51654a72b17bbfb272b8ac31b47c73f70a289dd9a56f27188ee23da9d7bd6829
                                                                                                              • Instruction Fuzzy Hash: AA514471E0621A9BCF04DFAAD4855AEFBF2EF89310F10942AD405F7354E734AA028F90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9D950 Relevance: .1, Instructions: 138COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 37cf8e7d40519767d383808d49b3f2e39e28881e3983584f94a2fb60d397165b
                                                                                                              • Instruction ID: 309e125dd10f7c6e0715971bb0be8f5bef49ee958e49e7acdd067f4c77861875
                                                                                                              • Opcode Fuzzy Hash: 37cf8e7d40519767d383808d49b3f2e39e28881e3983584f94a2fb60d397165b
                                                                                                              • Instruction Fuzzy Hash: 18512371E0521A9BCF04DFAAD4855AEFBF2EB89310F20942AD415F7354E734AA418F90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02596850 Relevance: .1, Instructions: 137COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 72ebd6c0a03ef99fcf086362f30c9987285bcfb2ee937916f11af25de7c0ef72
                                                                                                              • Instruction ID: 42221faf04ae4ae6fbc7b7f85e7991075bada4ae3a4a19dd6b7cf3fce9b5f996
                                                                                                              • Opcode Fuzzy Hash: 72ebd6c0a03ef99fcf086362f30c9987285bcfb2ee937916f11af25de7c0ef72
                                                                                                              • Instruction Fuzzy Hash: 88511874E002198FDB18DFA9C5806AEFBF6BF89304F24C169D418AB355D7349946CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9A409 Relevance: .1, Instructions: 124COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdc8a30c1feed4b4566480c28ce43320f2751cb660049156c10fa099d3866144
                                                                                                              • Instruction ID: 58d50b04b367cd5f868a585fb9f0a95b638f8678f077ce37af34f317b4d03219
                                                                                                              • Opcode Fuzzy Hash: cdc8a30c1feed4b4566480c28ce43320f2751cb660049156c10fa099d3866144
                                                                                                              • Instruction Fuzzy Hash: EE41E7B1E0524ADFCF04CFA9C5845AEBBF2FB85300F2485A5C419E7714E734AE458B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9BA48 Relevance: .1, Instructions: 105COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e3061eaec14b6ef0e29fd29494d5b555879c80f01afd4a2a03a3d0dafecc48af
                                                                                                              • Instruction ID: 013130327e9ebc6395df752c3647f9071655770ac6ecf5ca3b152a8459a6f40d
                                                                                                              • Opcode Fuzzy Hash: e3061eaec14b6ef0e29fd29494d5b555879c80f01afd4a2a03a3d0dafecc48af
                                                                                                              • Instruction Fuzzy Hash: EB41D4B1E0561A9FCB04CFAAD4815AEFBF2FF88300F15D46AC415E7254E774AA428F94
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9BA58 Relevance: .1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd654b9b2b1c5b20156fe85ef824ae1179dfc77eb3fc65bad823ff781f0a7fd5
                                                                                                              • Instruction ID: e97ad0cb11ad58502f78994905acd8b8d6f60ea3c5b572be9608ce731f2a2288
                                                                                                              • Opcode Fuzzy Hash: cd654b9b2b1c5b20156fe85ef824ae1179dfc77eb3fc65bad823ff781f0a7fd5
                                                                                                              • Instruction Fuzzy Hash: 7E41B3B0E0161A9BDB48CFAAD4815AEFBF2FF88300F14D56AC415E7354E774AA418F94
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0259AC36 Relevance: .0, Instructions: 25COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1687992536.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2590000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 88eb08e41b7a113c6d03899002c94b73cb6e8f8a343e6dee8fb531f8d2d9e496
                                                                                                              • Instruction ID: 44ceb17be3a6baf72d0beb80bbfb5fa47988a7c9280762afc2c7b184a4a489e4
                                                                                                              • Opcode Fuzzy Hash: 88eb08e41b7a113c6d03899002c94b73cb6e8f8a343e6dee8fb531f8d2d9e496
                                                                                                              • Instruction Fuzzy Hash: 46E0B635D0D118DBDF50AEA4B8492FCBBB8F78B21AF0528A2A40EE6201D6358555CB19
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9469F Relevance: 5.2, Strings: 4, Instructions: 218COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq$LRdq$$dq$$dq
                                                                                                              • API String ID: 0-340319088
                                                                                                              • Opcode ID: e46e5068a3cb28357883f2b0d39806a055637c27a9133dc7f12994b43950a366
                                                                                                              • Instruction ID: 02670647ca978ccc3a6644e67aaf7c198c6db3a1011149d30ad5d3da130aafe6
                                                                                                              • Opcode Fuzzy Hash: e46e5068a3cb28357883f2b0d39806a055637c27a9133dc7f12994b43950a366
                                                                                                              • Instruction Fuzzy Hash: 36A129B4E04218DFCF04CFA9C540AAEB7F2BF89301F248555E455EB296D734AD82DB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D946C8 Relevance: 5.2, Strings: 4, Instructions: 212COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq$LRdq$$dq$$dq
                                                                                                              • API String ID: 0-340319088
                                                                                                              • Opcode ID: ee648811ede33d01762c895f0982ea2ac07f3127a35147bad07d32760d71ed40
                                                                                                              • Instruction ID: e1425e8b5a94cbf4e1849932f299d7b8cbfaaf9e39f3f52cd10ca8814dc0a57d
                                                                                                              • Opcode Fuzzy Hash: ee648811ede33d01762c895f0982ea2ac07f3127a35147bad07d32760d71ed40
                                                                                                              • Instruction Fuzzy Hash: A59118B0E04228DFCF14CFA9C540AAEB7F2BF89301F248555E455EB296D734AD82DB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 04D9F960 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1695037691.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4d90000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: T+-q$[V~*$[V~*$]\`
                                                                                                              • API String ID: 0-1849991408
                                                                                                              • Opcode ID: e5c8ba96a302f184a8cfb27c19de7db2bb6fa83a2926a5646863de78571de65f
                                                                                                              • Instruction ID: 21951c09773f08a7091ae76e280c010f55427cced3f9deca15533cb526bc5c06
                                                                                                              • Opcode Fuzzy Hash: e5c8ba96a302f184a8cfb27c19de7db2bb6fa83a2926a5646863de78571de65f
                                                                                                              • Instruction Fuzzy Hash: C2314C71A05245EBDF108F69C8407BEBBF0AF0A318F14852FA8A5DB291E235ED44D762
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:12.9%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:149
                                                                                                              Total number of Limit Nodes:18
                                                                                                              execution_graph 40211 1380848 40212 138084e 40211->40212 40213 138091b 40212->40213 40217 1381380 40212->40217 40221 1491d00 40212->40221 40225 1491cf0 40212->40225 40219 138138b 40217->40219 40218 1381480 40218->40212 40219->40218 40229 1387088 40219->40229 40222 1491d0f 40221->40222 40242 14914e4 40222->40242 40226 1491d00 40225->40226 40227 14914e4 2 API calls 40226->40227 40228 1491d30 40227->40228 40228->40212 40230 1387092 40229->40230 40231 13870ac 40230->40231 40234 667d372 40230->40234 40238 667d3b0 40230->40238 40231->40219 40236 667d385 40234->40236 40235 667d5da 40235->40231 40236->40235 40237 667d5f0 GlobalMemoryStatusEx 40236->40237 40237->40236 40240 667d3c5 40238->40240 40239 667d5da 40239->40231 40240->40239 40241 667d5f0 GlobalMemoryStatusEx 40240->40241 40241->40240 40243 14914ef 40242->40243 40246 1492c4c 40243->40246 40245 14936b6 40247 1492c57 40246->40247 40248 1493ddc 40247->40248 40253 1495a5e 40247->40253 40258 1495a60 40247->40258 40263 1495ae1 40247->40263 40269 1495b21 40247->40269 40248->40245 40255 1495a81 40253->40255 40254 1495aa5 40254->40248 40254->40254 40255->40254 40273 1495c10 40255->40273 40260 1495a81 40258->40260 40259 1495aa5 40259->40248 40259->40259 40260->40259 40262 1495c10 2 API calls 40260->40262 40261 1495b45 40262->40261 40264 1495ae8 40263->40264 40266 1495aef 40263->40266 40264->40248 40265 1495b69 40265->40265 40266->40265 40268 1495c10 2 API calls 40266->40268 40267 1495b45 40268->40267 40270 1495b2a 40269->40270 40272 1495c10 2 API calls 40270->40272 40271 1495b45 40272->40271 40274 1495c1d 40273->40274 40275 1495b45 40274->40275 40277 1494974 40274->40277 40278 149497f 40277->40278 40280 1495cc8 40278->40280 40281 14949a8 40278->40281 40280->40280 40282 14949b3 40281->40282 40288 14949b8 40282->40288 40284 1495d37 40292 149af60 40284->40292 40298 149af48 40284->40298 40285 1495d71 40285->40280 40291 14949c3 40288->40291 40289 1496ed8 40289->40284 40290 1495a60 2 API calls 40290->40289 40291->40289 40291->40290 40293 149afdd 40292->40293 40295 149af91 40292->40295 40293->40285 40294 149af9d 40294->40285 40295->40294 40304 149b1d8 40295->40304 40307 149b1d6 40295->40307 40300 149afdd 40298->40300 40301 149af91 40298->40301 40299 149af9d 40299->40285 40300->40285 40301->40299 40302 149b1d8 2 API calls 40301->40302 40303 149b1d6 2 API calls 40301->40303 40302->40300 40303->40300 40310 149b218 40304->40310 40305 149b1e2 40305->40293 40308 149b1e2 40307->40308 40309 149b218 2 API calls 40307->40309 40308->40293 40309->40308 40311 149b21d 40310->40311 40312 149b25c 40311->40312 40316 149b4b1 LoadLibraryExW 40311->40316 40317 149b4c0 LoadLibraryExW 40311->40317 40312->40305 40313 149b254 40313->40312 40314 149b460 GetModuleHandleW 40313->40314 40315 149b48d 40314->40315 40315->40305 40316->40313 40317->40313 40139 1492e08 40140 1492e4e GetCurrentProcess 40139->40140 40142 1492e99 40140->40142 40143 1492ea0 GetCurrentThread 40140->40143 40142->40143 40144 1492edd GetCurrentProcess 40143->40144 40145 1492ed6 40143->40145 40146 1492f13 40144->40146 40145->40144 40147 1492f3b GetCurrentThreadId 40146->40147 40148 1492f6c 40147->40148 40318 1493050 DuplicateHandle 40319 14930e6 40318->40319 40320 149d810 40321 149d878 CreateWindowExW 40320->40321 40323 149d934 40321->40323 40323->40323 40149 132d01c 40150 132d034 40149->40150 40151 132d08e 40150->40151 40156 149d9c8 40150->40156 40160 149d9b7 40150->40160 40164 149cc44 40150->40164 40173 149e718 40150->40173 40157 149d9ee 40156->40157 40158 149cc44 CallWindowProcW 40157->40158 40159 149da0f 40158->40159 40159->40151 40161 149d9ee 40160->40161 40162 149cc44 CallWindowProcW 40161->40162 40163 149da0f 40162->40163 40163->40151 40167 149cc4f 40164->40167 40165 149e789 40198 149cd6c 40165->40198 40167->40165 40168 149e779 40167->40168 40182 149e97c 40168->40182 40188 149e8b0 40168->40188 40193 149e8a0 40168->40193 40169 149e787 40176 149e755 40173->40176 40174 149e789 40175 149cd6c CallWindowProcW 40174->40175 40178 149e787 40175->40178 40176->40174 40177 149e779 40176->40177 40179 149e97c CallWindowProcW 40177->40179 40180 149e8a0 CallWindowProcW 40177->40180 40181 149e8b0 CallWindowProcW 40177->40181 40179->40178 40180->40178 40181->40178 40183 149e98a 40182->40183 40184 149e93a 40182->40184 40202 149e958 40184->40202 40205 149e968 40184->40205 40185 149e950 40185->40169 40190 149e8c4 40188->40190 40189 149e950 40189->40169 40191 149e958 CallWindowProcW 40190->40191 40192 149e968 CallWindowProcW 40190->40192 40191->40189 40192->40189 40195 149e8c4 40193->40195 40194 149e950 40194->40169 40196 149e958 CallWindowProcW 40195->40196 40197 149e968 CallWindowProcW 40195->40197 40196->40194 40197->40194 40199 149cd77 40198->40199 40200 149fe6a CallWindowProcW 40199->40200 40201 149fe19 40199->40201 40200->40201 40201->40169 40203 149e979 40202->40203 40208 149fdae 40202->40208 40203->40185 40206 149e979 40205->40206 40207 149fdae CallWindowProcW 40205->40207 40206->40185 40207->40206 40209 149cd6c CallWindowProcW 40208->40209 40210 149fdba 40209->40210 40210->40203

                                                                                                              Executed Functions

                                                                                                              Function 01389C00 Relevance: 2.8, Instructions: 2813COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5492b2f00e2d9662c9d1cd1a717e061c921edd8c0387229ecba667ef602346a8
                                                                                                              • Instruction ID: a5c5f8bf18ce724d773a6dcafb7f6a08474689d330ebbdee127d95e423a30574
                                                                                                              • Opcode Fuzzy Hash: 5492b2f00e2d9662c9d1cd1a717e061c921edd8c0387229ecba667ef602346a8
                                                                                                              • Instruction Fuzzy Hash: 9F53F631D10B1A8EDB11EF68C8806A9F7B1FF99310F15D79AE45877121EB70AAC5CB81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0138CE98 Relevance: 2.3, Instructions: 2299COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9fec7a5fb68d2648a4181517ca4b122a2f621e6ebde7dea67520e6437b12bf04
                                                                                                              • Instruction ID: 1f7e339623935908f2373eae11e67528ea18f18fa5dd65edb1fc87594a5404e1
                                                                                                              • Opcode Fuzzy Hash: 9fec7a5fb68d2648a4181517ca4b122a2f621e6ebde7dea67520e6437b12bf04
                                                                                                              • Instruction Fuzzy Hash: 2F331D31D10B198EDB11EF68C8806ADF7B1FF99304F15C79AE458A7251EB70AAC5CB81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389388 Relevance: .6, Instructions: 617COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fab88f6fe8abfcf5489d9fc52f6eb79ef27095b1f0d739a38932cda0dfac8b0c
                                                                                                              • Instruction ID: 1308939763235d56ea499426b8fe46ea484655f065e81d3ffd2ddec53ee188b2
                                                                                                              • Opcode Fuzzy Hash: fab88f6fe8abfcf5489d9fc52f6eb79ef27095b1f0d739a38932cda0dfac8b0c
                                                                                                              • Instruction Fuzzy Hash: FC327F74A002058FDB15EF69D984BADBBB2FBC8328F248465E905EB395DB34DC41CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384A98 Relevance: .3, Instructions: 266COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1fca1f47be81c72135abbd94cafa46dc9f155bb2c9973aece594de5f3717d717
                                                                                                              • Instruction ID: 0a32e976cc43641a83c2592fe5fcea403cf5770e3dda7a2f9b0d3817c072316b
                                                                                                              • Opcode Fuzzy Hash: 1fca1f47be81c72135abbd94cafa46dc9f155bb2c9973aece594de5f3717d717
                                                                                                              • Instruction Fuzzy Hash: EBB17C70E0030A9FDF14EFA8D9817ADBBF2BF88318F148529D815E7694EB749845CB81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01383E80 Relevance: .2, Instructions: 238COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3d2bae52e5f6ef71567376a4f4231e9ef3daf051ea187ebe4db16f34b1c9f831
                                                                                                              • Instruction ID: 0a6a5b551f00a7c6af0bfe4b2086cec0545ca699cf6429f08aad18dc3e13a69f
                                                                                                              • Opcode Fuzzy Hash: 3d2bae52e5f6ef71567376a4f4231e9ef3daf051ea187ebe4db16f34b1c9f831
                                                                                                              • Instruction Fuzzy Hash: 169180B0E0030A8FDF14DFA8D98179EBBF2BF98308F148129E405A7754EB749846CB81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01492DFA Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 1197 1492dfa-1492e97 GetCurrentProcess 1201 1492e99-1492e9f 1197->1201 1202 1492ea0-1492ed4 GetCurrentThread 1197->1202 1201->1202 1203 1492edd-1492f11 GetCurrentProcess 1202->1203 1204 1492ed6-1492edc 1202->1204 1206 1492f1a-1492f35 call 1492fd8 1203->1206 1207 1492f13-1492f19 1203->1207 1204->1203 1210 1492f3b-1492f6a GetCurrentThreadId 1206->1210 1207->1206 1211 1492f6c-1492f72 1210->1211 1212 1492f73-1492fd5 1210->1212 1211->1212
                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 01492E86
                                                                                                              • GetCurrentThread.KERNEL32 ref: 01492EC3
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 01492F00
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 01492F59
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0
                                                                                                              • Opcode ID: 6e46f26c0db0889f943dbc955aec94bb8720019c7846449798c3fc6d7db74cf3
                                                                                                              • Instruction ID: e9a0f60b931f8641e8d8fc2f356b5c7607bae7a451c4fb91dfdde621ee6b681c
                                                                                                              • Opcode Fuzzy Hash: 6e46f26c0db0889f943dbc955aec94bb8720019c7846449798c3fc6d7db74cf3
                                                                                                              • Instruction Fuzzy Hash: 935167B09013499FDB18DFA9D548BAEBFF1FF88314F20845AE409A73A0D7745984CB65
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01492E08 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 1219 1492e08-1492e97 GetCurrentProcess 1223 1492e99-1492e9f 1219->1223 1224 1492ea0-1492ed4 GetCurrentThread 1219->1224 1223->1224 1225 1492edd-1492f11 GetCurrentProcess 1224->1225 1226 1492ed6-1492edc 1224->1226 1228 1492f1a-1492f35 call 1492fd8 1225->1228 1229 1492f13-1492f19 1225->1229 1226->1225 1232 1492f3b-1492f6a GetCurrentThreadId 1228->1232 1229->1228 1233 1492f6c-1492f72 1232->1233 1234 1492f73-1492fd5 1232->1234 1233->1234
                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 01492E86
                                                                                                              • GetCurrentThread.KERNEL32 ref: 01492EC3
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 01492F00
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 01492F59
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0
                                                                                                              • Opcode ID: 999cd4589efc663351b6357e20b68b54ae7857ff551a48ec2cc8c22f74a0acc2
                                                                                                              • Instruction ID: e6d2c13c69c77eb854cb02c0892ebaabb401e8932d7eb515ed928085939a630a
                                                                                                              • Opcode Fuzzy Hash: 999cd4589efc663351b6357e20b68b54ae7857ff551a48ec2cc8c22f74a0acc2
                                                                                                              • Instruction Fuzzy Hash: 5D5137B09003099FDB18DFA9D548BAEBFF1FF88314F20845AE419A7360D7745984CB65
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01386ED8 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 2803 1386ed8-1386f3a call 1386c38 2812 1386f3c-1386f55 call 1386384 2803->2812 2813 1386f56-1386f84 2803->2813 2818 1386f86-1386f89 2813->2818 2820 1386f8b-1386fc0 2818->2820 2821 1386fc5-1386fc8 2818->2821 2820->2821 2822 1386fd8-1386fdb 2821->2822 2823 1386fca call 1387918 2821->2823 2824 1386fdd-1386fe4 2822->2824 2825 1386fef-1386ff2 2822->2825 2830 1386fd0-1386fd3 2823->2830 2826 1386fea 2824->2826 2827 13870e3-13870ea 2824->2827 2828 1386ff4-1387008 2825->2828 2829 1387025-1387027 2825->2829 2826->2825 2831 13870f9-13870ff 2827->2831 2832 13870ec 2827->2832 2837 138700a-138700c 2828->2837 2838 138700e 2828->2838 2833 1387029 2829->2833 2834 138702e-1387031 2829->2834 2830->2822 2849 13870ec call 667e8c0 2832->2849 2850 13870ec call 667e8b0 2832->2850 2833->2834 2834->2818 2836 1387037-1387046 2834->2836 2842 1387048-138704b 2836->2842 2843 1387070-1387085 2836->2843 2840 1387011-1387020 2837->2840 2838->2840 2839 13870f2 2839->2831 2840->2829 2846 1387053-138706e 2842->2846 2843->2827 2846->2842 2846->2843 2849->2839 2850->2839
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq$LRdq
                                                                                                              • API String ID: 0-3657686274
                                                                                                              • Opcode ID: 8557620a127e34cde5c17444206546812cb71b67d5430c74defa895d7111065f
                                                                                                              • Instruction ID: 8848e4ac14bd8e5a8c0a5dbdf8dbe9d193942d4400811c4d2719e32d3f4a2b2e
                                                                                                              • Opcode Fuzzy Hash: 8557620a127e34cde5c17444206546812cb71b67d5430c74defa895d7111065f
                                                                                                              • Instruction Fuzzy Hash: FB41C170E003199FDB15EF79C85069EB7B6FF86318F20846AE805EB251EB719C42CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149B218 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0149B47E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: a6db69cfc07e630c8e8c304201c09438b96dc6b343d5bb30882ee4ea3b30d4bb
                                                                                                              • Instruction ID: 4dbd9194dbf18f06412abf11e5c10464a22fd745b75414e47ef2713f773270fe
                                                                                                              • Opcode Fuzzy Hash: a6db69cfc07e630c8e8c304201c09438b96dc6b343d5bb30882ee4ea3b30d4bb
                                                                                                              • Instruction Fuzzy Hash: C18125B0A00B058FDB24DF2AE445B5ABBF1FF88204F00896ED48AD7B60D775E945CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0667E1B0 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2935712538.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_6670000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 35fbebf0ba3b37bcf782c99dad9fcf50c64d9588d18401d3b94b27f3500ddae3
                                                                                                              • Instruction ID: 9a2440fd036a2d63caf41e2173932531d168af7648c65ac7544fe11b3afeb9bf
                                                                                                              • Opcode Fuzzy Hash: 35fbebf0ba3b37bcf782c99dad9fcf50c64d9588d18401d3b94b27f3500ddae3
                                                                                                              • Instruction Fuzzy Hash: 88413472D083959FCB00CFA9D81469EBFF5AF89210F0585AAD408A7391EB789844CBD1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149D804 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0149D922
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 716092398-0
                                                                                                              • Opcode ID: e06bdb2363ddde7410740839c9eb33bb8156bdb3a15b3aac1399379f07a12b27
                                                                                                              • Instruction ID: 935e8bb760304648a7277f91d69186011a02c9f4bafa792e5774617667ea25a5
                                                                                                              • Opcode Fuzzy Hash: e06bdb2363ddde7410740839c9eb33bb8156bdb3a15b3aac1399379f07a12b27
                                                                                                              • Instruction Fuzzy Hash: A951A1B1D103499FDB14CF99D984ADEBFB5FF48310F24822AE819AB210D7719945CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149D810 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0149D922
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 716092398-0
                                                                                                              • Opcode ID: 6a9a8f1cf0f079872a1957e7fbe66b35ab9315fc37102e7d0c967435e951001f
                                                                                                              • Instruction ID: 254cc3b73819311449af826d3a00deb57c8d1345fb5259f437c0fc1d677cb7b1
                                                                                                              • Opcode Fuzzy Hash: 6a9a8f1cf0f079872a1957e7fbe66b35ab9315fc37102e7d0c967435e951001f
                                                                                                              • Instruction Fuzzy Hash: 3941B1B1D003099FDF14DF99C984ADEBFB6BF48310F24852AE819AB210D7719945CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149CD6C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 0149FE91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallProcWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 2714655100-0
                                                                                                              • Opcode ID: 68aa069c342efd233d3592161151bd83e8e02b2ba079df2b5909ede5fc88c423
                                                                                                              • Instruction ID: 3acce12e42914f5884dcf698b3ff82f8b93e0d31cf8b3966ae36546fe13c431c
                                                                                                              • Opcode Fuzzy Hash: 68aa069c342efd233d3592161151bd83e8e02b2ba079df2b5909ede5fc88c423
                                                                                                              • Instruction Fuzzy Hash: 7E4119B4900349DFCB14CF99C848AAABFF5FB88724F24C459D519A7361D774A845CFA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01493048 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014930D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              • Opcode ID: e2dc7e2b30670a350ee1ede3438a3a68f87bbc8022bd642a5b0b1ed89b89fe4c
                                                                                                              • Instruction ID: 45b573e7b9016c7058696d6e109d46907bf61a14461ca5af444a408c3e48db99
                                                                                                              • Opcode Fuzzy Hash: e2dc7e2b30670a350ee1ede3438a3a68f87bbc8022bd642a5b0b1ed89b89fe4c
                                                                                                              • Instruction Fuzzy Hash: C921D2B5D002089FDB10CFA9D584AEEBFF5FB48310F14845AE918A3350D379AA54CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01493050 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014930D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              • Opcode ID: 2499eecc8d8c6f6d715e44dea0f673c039ef1d288cc5401b15eda1b4d93fa5ed
                                                                                                              • Instruction ID: d564abde2176d43250d6c859e50971c7746b36230c58189fbf9b3b34ce4f2499
                                                                                                              • Opcode Fuzzy Hash: 2499eecc8d8c6f6d715e44dea0f673c039ef1d288cc5401b15eda1b4d93fa5ed
                                                                                                              • Instruction Fuzzy Hash: B321E0B59002089FDB10CFAAD984ADEBFF9FB48320F14841AE918A3350D375A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149A1C0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0149B4F9,00000800,00000000,00000000), ref: 0149B6EA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: dd4bd923288890bd077d088be5891fa08c4ee2bb3f45a892241c445695715308
                                                                                                              • Instruction ID: fc793efce7492ee969a80017d1d597ec022b141487867790b9ed1de5619f707e
                                                                                                              • Opcode Fuzzy Hash: dd4bd923288890bd077d088be5891fa08c4ee2bb3f45a892241c445695715308
                                                                                                              • Instruction Fuzzy Hash: 801112B69003098FDB10CF9AD848ADEFFF4EB88320F10842AE519A7310C375A945CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149B679 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0149B4F9,00000800,00000000,00000000), ref: 0149B6EA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: 80692c7045dfdd07142d09297750520ceafc964547280fc45a6102ac9a87009d
                                                                                                              • Instruction ID: cb5a26e8178ce28f74d7ae2250b59ed6d6f8638c41e8e48f50c3a93dcc2bd1cf
                                                                                                              • Opcode Fuzzy Hash: 80692c7045dfdd07142d09297750520ceafc964547280fc45a6102ac9a87009d
                                                                                                              • Instruction Fuzzy Hash: 3F21F4B58003498FDB14CF9AD444ADEBFF4EB89310F14842ED519A7210C375A945CFA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0667E298 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GlobalMemoryStatusEx.KERNELBASE ref: 0667E2FF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2935712538.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_6670000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: GlobalMemoryStatus
                                                                                                              • String ID:
                                                                                                              • API String ID: 1890195054-0
                                                                                                              • Opcode ID: 31bb08559ed3751c47231a66b8bf49bf80f2ecb360c4b5549fabab0cd7371ac4
                                                                                                              • Instruction ID: 7daed340be2a021108d44e4a9fb4755e378cfd74a3ba46f42ad3f0f3e686469e
                                                                                                              • Opcode Fuzzy Hash: 31bb08559ed3751c47231a66b8bf49bf80f2ecb360c4b5549fabab0cd7371ac4
                                                                                                              • Instruction Fuzzy Hash: 331123B1C006599FCB10DF9AC444BDEFBF4EF48320F11816AD818A7241D378A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0149B418 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0149B47E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929697755.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1490000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: 9258b805834a9333583a9c005856e1e71bb0a1a0ba93e3666f1f7eeb4f6bf30c
                                                                                                              • Instruction ID: a068666456b626f46332c388e18cac8d05b69ce7779580398e701cd4a83cd328
                                                                                                              • Opcode Fuzzy Hash: 9258b805834a9333583a9c005856e1e71bb0a1a0ba93e3666f1f7eeb4f6bf30c
                                                                                                              • Instruction Fuzzy Hash: B511E0B5C003498FDB14DF9AD444ADEFBF4EB88724F10842AD529A7710D379A545CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0138F3DD Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHdq
                                                                                                              • API String ID: 0-2991842255
                                                                                                              • Opcode ID: 4699f99fb86ffdc1bdb0dfdbede1755102277b48e2176a6b59fe2076396ff4ca
                                                                                                              • Instruction ID: abad58d760ca8b0323daf7cf7fc8d65f1b54e89d518014a6544e9c3ecd64e15d
                                                                                                              • Opcode Fuzzy Hash: 4699f99fb86ffdc1bdb0dfdbede1755102277b48e2176a6b59fe2076396ff4ca
                                                                                                              • Instruction Fuzzy Hash: 03319D307003058FDB19AF38D55466E7BEAEB85324F14456AD406EB395DF39DD82CBA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0138F3F0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHdq
                                                                                                              • API String ID: 0-2991842255
                                                                                                              • Opcode ID: f4a4cc12d6531d576a95b99e4e252a704cb5041e287af07caddae93d4b57a91b
                                                                                                              • Instruction ID: b4bd364748bddb45c1d893f813e205b32313ef629a5b3467eeadb2ceeb50ab97
                                                                                                              • Opcode Fuzzy Hash: f4a4cc12d6531d576a95b99e4e252a704cb5041e287af07caddae93d4b57a91b
                                                                                                              • Instruction Fuzzy Hash: F531BE30B003058FDB19AF78D55466E7BEAEF88314F244869D406EB399DE35DD82CBA4
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01386F70 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq
                                                                                                              • API String ID: 0-3106745678
                                                                                                              • Opcode ID: 72da1f243c4bc9b2b4071064b7b50e02e08169e55751096e6054a910a83802af
                                                                                                              • Instruction ID: faaa3b9bd722a1571baf20c2731212335b44558bdb10f12716f73852eb07a0f7
                                                                                                              • Opcode Fuzzy Hash: 72da1f243c4bc9b2b4071064b7b50e02e08169e55751096e6054a910a83802af
                                                                                                              • Instruction Fuzzy Hash: C431E374E003098FDB15EFA8C84479EB7B2FF85308F208469E801EB250DBB1D946CB41
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01386B99 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRdq
                                                                                                              • API String ID: 0-3106745678
                                                                                                              • Opcode ID: 6d0a8d8274e1c35526b2f48eee050f9500d29ddcd383982b846150c5bbbcd07d
                                                                                                              • Instruction ID: 5a7035977776c4c4001ea884c5c4ae509a872c5a55fbbdeff97cb8ab2acf85c7
                                                                                                              • Opcode Fuzzy Hash: 6d0a8d8274e1c35526b2f48eee050f9500d29ddcd383982b846150c5bbbcd07d
                                                                                                              • Instruction Fuzzy Hash: 2D11E5706043405FC316BB3884246AE7BF6FF8A318F1084EED006CB2A6EA3A5802C791
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01387918 Relevance: .6, Instructions: 555COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 45c0cc37a5470624e55f4731d586b8b1cc6e9d66681f5b44ceaed4e39b52d768
                                                                                                              • Instruction ID: 9e6ca57b6d37dbb7566283efd456b06ad940d12e855c98824791ca40f88e97fb
                                                                                                              • Opcode Fuzzy Hash: 45c0cc37a5470624e55f4731d586b8b1cc6e9d66681f5b44ceaed4e39b52d768
                                                                                                              • Instruction Fuzzy Hash: BA1263707003168BCB2AAB3CD94462976E7FBC5365F2059B8E006CB359CE79EC969781
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384A90 Relevance: .3, Instructions: 261COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4359e3969fc2c1caf806b6a9338f4aedf941bbdb1279ac3d0c75b135e138e58e
                                                                                                              • Instruction ID: 4eedef817c001cd2e6130c2f2fa81c9765d1d7d538c477939e1c5ff726dbffda
                                                                                                              • Opcode Fuzzy Hash: 4359e3969fc2c1caf806b6a9338f4aedf941bbdb1279ac3d0c75b135e138e58e
                                                                                                              • Instruction Fuzzy Hash: E8B16C70E0030A9FDF11EFA8D98179DBBF1BF48318F248529D855E7A94EB749845CB81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389374 Relevance: .2, Instructions: 240COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9e778e8e1ce56b3be2c3e879dfe63272bec2bc3725badb5de07fd81265b74357
                                                                                                              • Instruction ID: 6ded5e289cf12f2bcbf47c2d1c15278b69d882108061388cb35884c71be9a766
                                                                                                              • Opcode Fuzzy Hash: 9e778e8e1ce56b3be2c3e879dfe63272bec2bc3725badb5de07fd81265b74357
                                                                                                              • Instruction Fuzzy Hash: 8F915C34A002159FDB15EF68D584AADBBF2EFC8328F248465E906E7395DB34EC42CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01383E74 Relevance: .2, Instructions: 234COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4e7b4d9f6837049558e3290b64a97f8c31f5ad2c21cdd96611dd592f25b1fb45
                                                                                                              • Instruction ID: 0cedb50f3b84171b222bdddee6b6c3c43a01450c6b734a9e5eba5195348a833c
                                                                                                              • Opcode Fuzzy Hash: 4e7b4d9f6837049558e3290b64a97f8c31f5ad2c21cdd96611dd592f25b1fb45
                                                                                                              • Instruction Fuzzy Hash: BC916DB0E0030ACFDB10DFA8D98579EBBF2BF98718F148129E415A7754EB749845CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384804 Relevance: .2, Instructions: 181COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5a8645dc8b1ec5d7421ea7da894483c2fed1f388c3f629ce660028db0b782f26
                                                                                                              • Instruction ID: 510e9b6c71c34290fd00a1aeec12fa9f669c682e8ccd6d154209229c80071c41
                                                                                                              • Opcode Fuzzy Hash: 5a8645dc8b1ec5d7421ea7da894483c2fed1f388c3f629ce660028db0b782f26
                                                                                                              • Instruction Fuzzy Hash: 8E716BB0D0034A8FEB10EFA9D88579EFFF1BF88318F148129E415AB654EB749841CB95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384810 Relevance: .2, Instructions: 180COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 12499a522d46297121a931b30f74072a048c0928053a19b58e355a4f15d3d15f
                                                                                                              • Instruction ID: 2bc4f4bcc85365da70eea2d49991290f0fac55aec9ae35c59d99b80da1e80c0f
                                                                                                              • Opcode Fuzzy Hash: 12499a522d46297121a931b30f74072a048c0928053a19b58e355a4f15d3d15f
                                                                                                              • Instruction Fuzzy Hash: F3717DB0E0034ACFDB14DFA9D88079EFBF2BF88318F148129E415AB654EB749841CB85
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01386CDA Relevance: .1, Instructions: 134COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 327517b0a7a255d536a39c4c8ff884b1162b3fd866d24da7e3318bdc1b1631c1
                                                                                                              • Instruction ID: 489b28092e852f75ec1fa1dd111793dcccafb3932acaaa2d628f9ae877bbcc06
                                                                                                              • Opcode Fuzzy Hash: 327517b0a7a255d536a39c4c8ff884b1162b3fd866d24da7e3318bdc1b1631c1
                                                                                                              • Instruction Fuzzy Hash: 3A5113B0D103188FDB18DFA9C986B9DBBB1FF48314F14812AE819AB395D774A844CB95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01386CE0 Relevance: .1, Instructions: 132COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7610c2681ecc885760d9cf9dce4782fafdb7300f9f8d462985c359a9b1cca7c
                                                                                                              • Instruction ID: 06e706ee189d719c6470644f1cebb0af6a8d66433afbd393d8a6f3beb127529c
                                                                                                              • Opcode Fuzzy Hash: e7610c2681ecc885760d9cf9dce4782fafdb7300f9f8d462985c359a9b1cca7c
                                                                                                              • Instruction Fuzzy Hash: 1B5123B0D103188FDB18DFA9C985B9DBBB1FF48314F14811AE819AB395D774A844CF95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381128 Relevance: .1, Instructions: 117COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 03848c9fd6cf128d6585bb8de2260b4cd89087bd3d83a8183ac4416d03dcf9bf
                                                                                                              • Instruction ID: 036b10d1862073e2f3c4d81c67e24e04cae654cd64334cd3df28adb21a35e19b
                                                                                                              • Opcode Fuzzy Hash: 03848c9fd6cf128d6585bb8de2260b4cd89087bd3d83a8183ac4416d03dcf9bf
                                                                                                              • Instruction Fuzzy Hash: 2751F3312012558FC725FF3AF9809543FAAFBA2B0570085BDE0146F26ADA7C2D65CF82
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381138 Relevance: .1, Instructions: 112COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ea33b0521e2e4310aac7de9beacc9b7a6eab70ea7d6ad895a591b7f625f4f495
                                                                                                              • Instruction ID: 2e5b4eb561eacc8c1e5e7fffb06c07c7557b94c658e6216e9979be94ed3fbaad
                                                                                                              • Opcode Fuzzy Hash: ea33b0521e2e4310aac7de9beacc9b7a6eab70ea7d6ad895a591b7f625f4f495
                                                                                                              • Instruction Fuzzy Hash: DC51F6712012558FC725FF3AF9809583FAAF7A2B0570085BDE0146F26ADA7C2D65CF82
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0138F2A0 Relevance: .1, Instructions: 99COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 94641729ba257df1f52c43daf55772d32fb378cb02873dc1005b39ba987582ed
                                                                                                              • Instruction ID: 89dcc2e505cad0156f50896c14c348d7f756b8a822a69ecdb102bd690395d588
                                                                                                              • Opcode Fuzzy Hash: 94641729ba257df1f52c43daf55772d32fb378cb02873dc1005b39ba987582ed
                                                                                                              • Instruction Fuzzy Hash: C931AF35E107069BCB15DF69D99469EBBB6FF89304F108529E806EB350EB70EC42CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 013826E0 Relevance: .1, Instructions: 93COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d858b2c74685653dd97be08d23b2a481a7bc3da23b79a38b46cbabf94d1a4997
                                                                                                              • Instruction ID: 58ad4540d9617dddca764a9038d3ad375109e11b04d0dfcb55ff70cee421cea8
                                                                                                              • Opcode Fuzzy Hash: d858b2c74685653dd97be08d23b2a481a7bc3da23b79a38b46cbabf94d1a4997
                                                                                                              • Instruction Fuzzy Hash: 7A41E1B0D003499FDB14DFA9C884ADEBFF5FF48314F24842AE419AB250DB75A945CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0138F2B0 Relevance: .1, Instructions: 91COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f43f721ffc68c8f65fa077dd94962b69dc22d7598cd85f27a88961e184c2eece
                                                                                                              • Instruction ID: bef05d0b6ebef8620f1cb71c86ae61da3ff10fc74ea89ea3352e578b77d935f5
                                                                                                              • Opcode Fuzzy Hash: f43f721ffc68c8f65fa077dd94962b69dc22d7598cd85f27a88961e184c2eece
                                                                                                              • Instruction Fuzzy Hash: BD31AE35F106068BCB19DF69D99469EBBB6FF88300F108529E806EB350DB70AC42CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 013826E8 Relevance: .1, Instructions: 90COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f795f9dc459c44a958c2c3f6ebd23a4cbe2d16469164e31ce1ef133f9cff3c76
                                                                                                              • Instruction ID: 9eddfe363ce3a8744cc91eebf431904b11943b6fad8258a15babe95b7455691d
                                                                                                              • Opcode Fuzzy Hash: f795f9dc459c44a958c2c3f6ebd23a4cbe2d16469164e31ce1ef133f9cff3c76
                                                                                                              • Instruction Fuzzy Hash: 2241DFB0D003499FDB14DFA9C484ADEBFF5EF48314F24842AE419AB250DB75A945CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389261 Relevance: .1, Instructions: 82COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0351d7e6936edaef8a0f838954bfdbd7a2c655aab644b3c4c624888466149f42
                                                                                                              • Instruction ID: b2ba95b081d9c7b19a3313fa943ff565ca72db0a5ce5e7ca9a1660d33407254c
                                                                                                              • Opcode Fuzzy Hash: 0351d7e6936edaef8a0f838954bfdbd7a2c655aab644b3c4c624888466149f42
                                                                                                              • Instruction Fuzzy Hash: F3318271E0031A9BDB05DFA9D9907AEF7B2FF89314F14C669E805BB245DB709841CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 013816A0 Relevance: .1, Instructions: 81COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 946683eb3079063e1b5dfbbe1e31bb7a7bd5e03c39c97175b236e0f261229c4c
                                                                                                              • Instruction ID: e430249147f7bb48b18613835df11792a0d47819dd8ed026c31b3b1215eee93b
                                                                                                              • Opcode Fuzzy Hash: 946683eb3079063e1b5dfbbe1e31bb7a7bd5e03c39c97175b236e0f261229c4c
                                                                                                              • Instruction Fuzzy Hash: 0921E5716003104FDF22BB2DE8447693B65EB45719F100A79E806DB36AD63CDC528B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389270 Relevance: .1, Instructions: 78COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a76769188a990985fcdb9df5162ea32691337af0ec7b4d1f455982ff8b4bdc7c
                                                                                                              • Instruction ID: f6c31f75b9bcb53c9a4ed178f5e56cb4b8f22336a9d0ec9ef977b8b80172a0f3
                                                                                                              • Opcode Fuzzy Hash: a76769188a990985fcdb9df5162ea32691337af0ec7b4d1f455982ff8b4bdc7c
                                                                                                              • Instruction Fuzzy Hash: 29215331E0061A9BDB05DFA9D9907AEF7B6FFC9304F108655E805BB355DB709841CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381380 Relevance: .1, Instructions: 75COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f13a0e13b5c0cfa3b7035d971ee84d97f6d503b589f01d43d90267fb61af4d9c
                                                                                                              • Instruction ID: 179ab85cc6f655b0e7973f19b8e2c0c25a088e1f586d855e5fe62be40ee944b3
                                                                                                              • Opcode Fuzzy Hash: f13a0e13b5c0cfa3b7035d971ee84d97f6d503b589f01d43d90267fb61af4d9c
                                                                                                              • Instruction Fuzzy Hash: F521C3716013004FEB367B7CE8443693BA5E74232DF100979E40ADB799DA798D92C781
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389160 Relevance: .1, Instructions: 74COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d2844adb7fb00744de3998c8b9693498f4df7618d8f7909d675ecb9a1a9d2256
                                                                                                              • Instruction ID: 20b57db932316e17515aa299d31183c75962ae7eacfa9ea9790b677a7ec51515
                                                                                                              • Opcode Fuzzy Hash: d2844adb7fb00744de3998c8b9693498f4df7618d8f7909d675ecb9a1a9d2256
                                                                                                              • Instruction Fuzzy Hash: 7C21A131E047099BCB19DFA8C544AEEF7B6AFC9318F10852AE815BB350DB70E946CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0132D01C Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2928848989.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_132d000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 721edbb6456c482abb6ccfb81b0e8307f97ca328594ad5400d88fdfb2137f3fe
                                                                                                              • Instruction ID: 6e4aa89a372256606da4b51f85a67866808b1f5718df293184a6a28e789c97a9
                                                                                                              • Opcode Fuzzy Hash: 721edbb6456c482abb6ccfb81b0e8307f97ca328594ad5400d88fdfb2137f3fe
                                                                                                              • Instruction Fuzzy Hash: 18212271604244DFCB15EF58D8C4B26BBA5FB84318F20C96DD90A0B3A6C33AD807CAA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381878 Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c12efb495e6bb99eda49a1158d25c0f813b1877e2360f018a75a403f40683181
                                                                                                              • Instruction ID: 904d184a823d048aaa0693573d134af4590ae604a7f6b4062eadf49bd08a6323
                                                                                                              • Opcode Fuzzy Hash: c12efb495e6bb99eda49a1158d25c0f813b1877e2360f018a75a403f40683181
                                                                                                              • Instruction Fuzzy Hash: 44213B71B103458FDB68EF38C5156AD7BB5AF49208F2004ADD505EB7A1EB369D02CBA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384F88 Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f7c710bd13314b5613c8fe89833975ebc629f54618d12e4a28fd639e6576fa28
                                                                                                              • Instruction ID: 1761a232575b8e5b4daccddf2d17812ebfb598137c1cbea7a7c97234238d1da6
                                                                                                              • Opcode Fuzzy Hash: f7c710bd13314b5613c8fe89833975ebc629f54618d12e4a28fd639e6576fa28
                                                                                                              • Instruction Fuzzy Hash: F02117746002058FDB68EF79C558AADB7F5EB89708F1004ADE406EB364EB769D01CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01389170 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2dd8e1a072ac4c5713b97a3e0905f7f8583a853077d6f1dc71bdbe0002b1fd43
                                                                                                              • Instruction ID: 59a3f27282878286109f1284e3cac6ba246e005cd3cd31e377975159111b737a
                                                                                                              • Opcode Fuzzy Hash: 2dd8e1a072ac4c5713b97a3e0905f7f8583a853077d6f1dc71bdbe0002b1fd43
                                                                                                              • Instruction Fuzzy Hash: E7219231E047099BCB09DFA8D944AEEF7B6AFC9318F10852AE815BB350DB70E945CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381888 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 412c868018669d42c6bf7ac1c488abffc1886cecb98df16df363e07380cb0c46
                                                                                                              • Instruction ID: 56f9b8703a73fcc0d4811e46fc4fe4605a656a692b57ffc7a03246127a6fcdeb
                                                                                                              • Opcode Fuzzy Hash: 412c868018669d42c6bf7ac1c488abffc1886cecb98df16df363e07380cb0c46
                                                                                                              • Instruction Fuzzy Hash: 33213E70B003098FDB58EF78C5156AD77F6AB49249F20046DD506FB360EB358D02CBA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 013816B0 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: af9ad7c7250977f5ecacd42ee3d50af5c20483942d82c61502d3b7c91fcd3bc7
                                                                                                              • Instruction ID: c295bf0414e0bd2bf6018a13a16c559759218a512f272f2bafca8563e21bf736
                                                                                                              • Opcode Fuzzy Hash: af9ad7c7250977f5ecacd42ee3d50af5c20483942d82c61502d3b7c91fcd3bc7
                                                                                                              • Instruction Fuzzy Hash: 9B2154716002114FDF21FB2DE84476A7BA5EB84719F105A39F80ADB35ADA3C9C528F91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01384F98 Relevance: .1, Instructions: 68COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9716414b023fe081771628dffeb660bfbd5843c42f32defe8b0f9f2d74b6162f
                                                                                                              • Instruction ID: 375e9979e4dac0b648fb1845b054c9703e9599c9d84bef0ab99e3528eedc0e0d
                                                                                                              • Opcode Fuzzy Hash: 9716414b023fe081771628dffeb660bfbd5843c42f32defe8b0f9f2d74b6162f
                                                                                                              • Instruction Fuzzy Hash: 102119747002058FDB18EB79C558AADB7F5AB89704F100468E406EB3A4EB769D01CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381488 Relevance: .1, Instructions: 65COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: de9d4b1293a59a469c46170a6492661bd0e3909c6e556a9cbd7de44476b2b04f
                                                                                                              • Instruction ID: bca8860ea4223b308ce38b1c08f80902f5da6095c36e6718b348c8f5d2659a73
                                                                                                              • Opcode Fuzzy Hash: de9d4b1293a59a469c46170a6492661bd0e3909c6e556a9cbd7de44476b2b04f
                                                                                                              • Instruction Fuzzy Hash: ED119031E00315DFCF56FFBC84501AEBBB5EF45224B2444B9D806EB241EA3AD842CBA0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0132D006 Relevance: .1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2928848989.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_132d000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 160bd979e868d6c864d726c1f472ede341a2db0a95aec190d7285fc1e5d911bd
                                                                                                              • Instruction ID: 21cf97c9d76e451694787efaf0d49761666d5408127f9d387a48b4764a93ebcb
                                                                                                              • Opcode Fuzzy Hash: 160bd979e868d6c864d726c1f472ede341a2db0a95aec190d7285fc1e5d911bd
                                                                                                              • Instruction Fuzzy Hash: 0A2180755083809FCB03DF64D994711BF71EB46218F28C5DAD8498F2A7C33A981ACB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01380848 Relevance: .1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: db9e6e7fed4cfd45db203f668de3b21233af9da9ca1e286d0c929a94b5ae2d7c
                                                                                                              • Instruction ID: bc5d7ebf7f1441333f8fe7066a208a5d9068bd2138e1685688d13448fca476cd
                                                                                                              • Opcode Fuzzy Hash: db9e6e7fed4cfd45db203f668de3b21233af9da9ca1e286d0c929a94b5ae2d7c
                                                                                                              • Instruction Fuzzy Hash: F7118C31B203189BEF29BB7DC84432D3A95EB45229F204939F406CF252DA24DDC98BD1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 013817C0 Relevance: .1, Instructions: 61COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4c7ca92f43b3eb5e596711eff17ebfd55986fd474923c89184907ac52bf0876b
                                                                                                              • Instruction ID: 7aaa8e059b72a4399647009ba1a80b8518530d0408632ef011dfb49bd6e2809b
                                                                                                              • Opcode Fuzzy Hash: 4c7ca92f43b3eb5e596711eff17ebfd55986fd474923c89184907ac52bf0876b
                                                                                                              • Instruction Fuzzy Hash: 0611C1B2E003159FDB21AF7DDD0929E7AA9FB48650F10056AE909D7308EA3488128BC1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01380838 Relevance: .1, Instructions: 61COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6afb03da69b5a6ab6c61f636f95a827c96396a0ab3cb6542ed02f7767da82e3e
                                                                                                              • Instruction ID: adc6b468ac7201dbe868a92ce3056de6f43358ae0b94b4c26994504c529cf411
                                                                                                              • Opcode Fuzzy Hash: 6afb03da69b5a6ab6c61f636f95a827c96396a0ab3cb6542ed02f7767da82e3e
                                                                                                              • Instruction Fuzzy Hash: A811A331A153085BDF2A7B79C85436D3E95E746228F10497AF406CF242DA28CDC98BD1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381498 Relevance: .1, Instructions: 53COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 59edc9b4750274ac51c926b5f7decb1edddbca6e697bc83a026c337e1590bb53
                                                                                                              • Instruction ID: 59d30636ff785067a26c08560a6149d5a8cef4c6e5180f815c7a462dfdc8b293
                                                                                                              • Opcode Fuzzy Hash: 59edc9b4750274ac51c926b5f7decb1edddbca6e697bc83a026c337e1590bb53
                                                                                                              • Instruction Fuzzy Hash: 72012D31E013159FCB65FFBC84501AEBBF5EF48214B144479E406E7241EA39D946CBA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01388100 Relevance: .0, Instructions: 38COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 121b99a0275b0fdc555a8c1c151fdc0b45e70ed973a1d9c72c86413d5fd170e8
                                                                                                              • Instruction ID: 4cefd134630470e7849d6aeaaa86feeb8cd92076dfbe065f3f364109e513e893
                                                                                                              • Opcode Fuzzy Hash: 121b99a0275b0fdc555a8c1c151fdc0b45e70ed973a1d9c72c86413d5fd170e8
                                                                                                              • Instruction Fuzzy Hash: 70018F709003199FCB40EFA9E94069EBFB5EB50701F1045B9C409AB259FA396E148B81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01387088 Relevance: .0, Instructions: 38COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4e3098c27e40802af4c371214d559d990cfcfadc42e6ec69751375a8c6273489
                                                                                                              • Instruction ID: be01bdf79f204ca9d460927c5d471f21fa6556986e65838a65a9f65858ba1967
                                                                                                              • Opcode Fuzzy Hash: 4e3098c27e40802af4c371214d559d990cfcfadc42e6ec69751375a8c6273489
                                                                                                              • Instruction Fuzzy Hash: 9A01EC35B002048FD724EBB4D958BAC37B6EF88615F1444A8E506DB3B8CB35AD52CB41
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01381524 Relevance: .0, Instructions: 36COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f57a8f82f917a05e68c7567b8559e6467543ee7ba2ffb6766c694048d32a2dd6
                                                                                                              • Instruction ID: 112053dc5eef376651ec2965d1d5fbf353d9409930518b5304ed9d7aa249cb11
                                                                                                              • Opcode Fuzzy Hash: f57a8f82f917a05e68c7567b8559e6467543ee7ba2ffb6766c694048d32a2dd6
                                                                                                              • Instruction Fuzzy Hash: DDF02B33A04310CFDB22ABEC98A01ACBFB4EEA412571C4097D406EB251D635D547C721
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 01388110 Relevance: .0, Instructions: 33COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.2929069094.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_1380000_HmGUCvTQIacWu7Q.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1010bc10793d98343b16897e11e550665a5cdde476bc10470792bbc57c184c71
                                                                                                              • Instruction ID: 4695389885be5dc04165bcd59d0448834c78bd0d5c2dda50938ef6d91c8817f4
                                                                                                              • Opcode Fuzzy Hash: 1010bc10793d98343b16897e11e550665a5cdde476bc10470792bbc57c184c71
                                                                                                              • Instruction Fuzzy Hash: 81F04F70A002199FCB44FFA9F98059DBFF5EB50706F5046B8C409AB258FE392F548B81
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%