Windows Analysis Report
0OqTUkeaoD.exe

Overview

General Information

Sample name: 0OqTUkeaoD.exe (renamed because original name is a hash value)
Original sample name: 382539E21E92459EEFB0CC4226164C0E.exe
Analysis ID: 1429014
MD5: 382539e21e92459eefb0cc4226164c0e
SHA1: 4fb26a63477bc7f8d4578f16dcf7b46f4b4159c0
SHA256: 59bd03ba739341928ff4414999e991380142f63c6391d012fc58803902c8c7a3
Tags: exe RedLineStealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 0OqTUkeaoD.exe (PID: 4856 cmdline: "C:\Users\user\Desktop\0OqTUkeaoD.exe" MD5: 382539E21E92459EEFB0CC4226164C0E)
    • conhost.exe (PID: 2840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AppLaunch.exe (PID: 2492 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" MD5: 89D41E1CF478A3D3C2C701A27A5692B2)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["https://pastebin.com/raw/8baCJyMF"], "Bot Id": "5345987420_99"}
Source | Rule | Description | Author | Strings
00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000002.00000002.1708588426.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: AppLaunch.exe PID: 2492 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: AppLaunch.exe PID: 2492 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
0.2.0OqTUkeaoD.exe.66d000.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.0OqTUkeaoD.exe.66d000.1.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x117c1:$v2_1: ListOfProcesses
  • 0x115be:$v4_3: base64str
  • 0x11f89:$v4_4: stringKey
  • 0x101a3:$v4_5: BytesToStringConverted
  • 0xe88d:$v4_6: FromBase64
  • 0x10660:$v4_8: procName
  • 0x1007a:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
2.2.AppLaunch.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.2.AppLaunch.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x268:$pat14: , CommandLine:
  • 0x135c1:$v2_1: ListOfProcesses
  • 0x133be:$v4_3: base64str
  • 0x13d89:$v4_4: stringKey
  • 0x11fa3:$v4_5: BytesToStringConverted
  • 0x1068d:$v4_6: FromBase64
  • 0x12460:$v4_8: procName
  • 0x11e7a:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.2.0OqTUkeaoD.exe.66d000.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

No Sigma rule has matched

Timestamp: 04/20/24-02:07:00.530319 | SID: 2049282 | Source Port: 3306 | Destination Port: 49731 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 04/20/24-02:07:00.315470 | SID: 2046105 | Source Port: 49731 | Destination Port: 3306 | Protocol: TCP | Classtype: A Network Trojan was detected

AV Detection

Source: 0OqTUkeaoD.exe | Avira: detected
Source: 2.2.AppLaunch.exe.400000.0.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["https://pastebin.com/raw/8baCJyMF"], "Bot Id": "5345987420_99"}
Source: 0OqTUkeaoD.exe | ReversingLabs: Detection: 83%
Source: 0OqTUkeaoD.exe | Virustotal: Detection: 54%
Source: 0OqTUkeaoD.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: 0OqTUkeaoD.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: ch.pdbxd source: AppLaunch.exe, 00000002.00000002.1716569323.0000000009DF3000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\0OqTUkeaoD.exe | Code function: 0_2_006569AA FindFirstFileExW,0_2_006569AA

Networking

Source: Traffic | Snort IDS: 2046105 ET TROJAN Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Outbound) 192.168.2.4:49731 -> 116.203.6.63:3306
Source: Traffic | Snort IDS: 2049282 ET TROJAN MetaStealer Activity (Response) 116.203.6.63:3306 -> 192.168.2.4:49731
Source: Malware configuration extractor | URLs: https://pastebin.com/raw/8baCJyMF
Source: unknown | DNS query: name: pastebin.com
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 116.203.6.63:3306
Source: global traffic | HTTP traffic detected: GET /raw/8baCJyMF HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 104.20.3.235 104.20.3.235
Source: Joe Sandbox View | ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | DNS traffic detected: queries for: pastebin.com
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: AppLaunch.exe, 00000002.00000002.1709459784.0000000006881000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
                  Source: AppLaunch.exe, 00000002.00000002.1709459784.0000000006881000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/8baCJyMF
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                  System Summary

                  Source: 0.2.0OqTUkeaoD.exe.66d000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.0OqTUkeaoD.exe.66d000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.0OqTUkeaoD.exe.640000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_0065900F0_2_0065900F
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_00670B3D0_2_00670B3D
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_006546B00_2_006546B0
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_00654FD90_2_00654FD9
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_00641FBE0_2_00641FBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_06830A102_2_06830A10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_06830A012_2_06830A01
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0369C02_2_0A0369C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A038FA02_2_0A038FA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0375282_2_0A037528
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A03A3382_2_0A03A338
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A03A3582_2_0A03A358
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A042C542_2_0A042C54
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A048CA02_2_0A048CA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0454C82_2_0A0454C8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A04ACA42_2_0A04ACA4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A04C1902_2_0A04C190
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0EECC02_2_0A0EECC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0E00062_2_0A0E0006
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A0E00402_2_0A0E0040
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: String function: 006456E0 appears 49 times
                  Source: 0OqTUkeaoD.exeBinary or memory string: OriginalFilename vs 0OqTUkeaoD.exe
                  Source: 0OqTUkeaoD.exe, 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRadiogram.exe" vs 0OqTUkeaoD.exe
                  Source: 0OqTUkeaoD.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.2.0OqTUkeaoD.exe.66d000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.0OqTUkeaoD.exe.66d000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.0OqTUkeaoD.exe.640000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@2/2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Microsoft\Wind?wsJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2840:120:WilError_03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMutant created: NULL
                  Source: 0OqTUkeaoD.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: 0OqTUkeaoD.exeReversingLabs: Detection: 83%
                  Source: 0OqTUkeaoD.exeVirustotal: Detection: 54%
                  Source: unknownProcess created: C:\Users\user\Desktop\0OqTUkeaoD.exe "C:\Users\user\Desktop\0OqTUkeaoD.exe"
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: 0OqTUkeaoD.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: 0OqTUkeaoD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: ch.pdbxd source: AppLaunch.exe, 00000002.00000002.1716569323.0000000009DF3000.00000004.00000020.00020000.00000000.sdmp
                  Source: 0OqTUkeaoD.exeStatic PE information: section name: Nomm
                  Source: 0OqTUkeaoD.exeStatic PE information: section name: Home
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exeCode function: 0_2_00645617 push ecx; ret 0_2_0064562A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A031F5A push E802005Eh; retf 2_2_0A031F61
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A031F62 push E801025Eh; ret 2_2_0A031F69
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A03DFD2 push cs; ret 2_2_0A03E044
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A03A214 push 7800005Eh; ret 2_2_0A03A219
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A042B10 push 080A01C3h; ret 2_2_0A042B15
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A04369C push ebx; iretd 2_2_0A0436DA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A097C86 push 8BD68B50h; retf 2_2_0A097C8B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: 67F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: 6880000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: 8880000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Window / User API: threadDelayed 1602
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Window / User API: threadDelayed 4170
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 180 Thread sleep time: -15679732462653109s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 7044 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 7064 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_006569AA FindFirstFileExW,0_2_006569AA
                  Source: AppLaunch.exe, 00000002.00000002.1708752259.0000000000A56000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00646116 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00646116
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00657B25 mov eax, dword ptr fs:[00000030h] 0_2_00657B25
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_0064D543 mov ecx, dword ptr fs:[00000030h] 0_2_0064D543
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00641E90 mov edi, dword ptr fs:[00000030h] 0_2_00641E90
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_0065A124 GetProcessHeap,0_2_0065A124
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00646278 SetUnhandledExceptionFilter,0_2_00646278
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00645E12 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00645E12
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00649E13 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00649E13
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00641889 CreateProcessA,VirtualAllocEx,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_00641889
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 402000
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 41A000
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 41C000
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 79E008
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00645C1C cpuid 0_2_00645C1C
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: EnumSystemLocalesW,0_2_0065984B
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: EnumSystemLocalesW,0_2_00659800
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: EnumSystemLocalesW,0_2_006598E6
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: EnumSystemLocalesW,0_2_0065016F
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00659971
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetLocaleInfoW,0_2_00659BC4
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00659CED
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_0065955E
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetLocaleInfoW,0_2_00659DF3
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00659EC2
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: GetLocaleInfoW,0_2_00650695
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\Desktop\0OqTUkeaoD.exe Code function: 0_2_00646010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00646010
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: AppLaunch.exe, 00000002.00000002.1716569323.0000000009DD0000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.1717023697.0000000009E3B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.66d000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.66d000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.640000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000002.1708588426.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: AppLaunch.exe PID: 2492, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\binance\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                  Source: Yara match File source: 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: AppLaunch.exe PID: 2492, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.66d000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.66d000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.0OqTUkeaoD.exe.640000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000002.1708588426.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: AppLaunch.exe PID: 2492, type: MEMORYSTR

                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 251 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | 13 Application Layer Protocol | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

                  Source | Detection | Scanner | Label | Link
                  0OqTUkeaoD.exe | 84% | ReversingLabs | Win32.Trojan.RedLine |
                  0OqTUkeaoD.exe | 54% | Virustotal | | Browse
                  0OqTUkeaoD.exe | 100% | Avira | TR/Kryptik.amkkh |

                  No Antivirus matches

                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  aktayho.top | 0% | Virustotal | | Browse

                  Source | Detection | Scanner | Label | Link
                  https://api.ip.sb/ip | 0% | URL Reputation | safe |
                  http://www.w3.o | 0% | URL Reputation | safe |
                  http://tempuri.org/Contract/MSValue3Response | 2% | Virustotal | | Browse
                  http://tempuri.org/ | 2% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue2ResponseD | 2% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue2 | 4% | Virustotal | | Browse
                  http://tempuri.org/D | 1% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue3 | 1% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue2Response | 2% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue1 | 1% | Virustotal | | Browse
                  http://tempuri.org/Contract/MSValue3ResponseD | 2% | Virustotal | | Browse

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  aktayho.top | 116.203.6.63 | true | true | | unknown
                  pastebin.com | 104.20.3.235 | true | false | | high

                  Name | Malicious | Antivirus Detection | Reputation
                  https://pastebin.com/raw/8baCJyMF | false | | high

                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://pastebin.comAppLaunch.exe, 00000002.00000002.1709459784.0000000006881000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Contract/MSValue2ResponseDAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentityAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/AppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Contract/MSValue1AppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=AppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tempuri.org/Contract/MSValue2AppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                      http://tempuri.org/Contract/MSValue3AppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                      https://duckduckgo.com/chrome_newtabSAppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://tempuri.org/DAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchAppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.w3.oAppLaunch.exe, 00000002.00000002.1709459784.0000000006F8F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/faultAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponseAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rmDAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/CancelAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoAppLaunch.exe, 00000002.00000002.1712061123.0000000007BAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1AppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousAppLaunch.exe, 00000002.00000002.1709459784.00000000068C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_WrapAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2002/12/policyAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dkAppLaunch.exe, 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.3.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false
116.203.6.63 | aktayho.top | Germany | 24940 | HETZNER-ASDE | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1429014
Start date and time: 2024-04-20 02:06:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 0OqTUkeaoD.exe
renamed because original name is a hash value
Original Sample Name: 382539E21E92459EEFB0CC4226164C0E.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/1@2/2
                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                      • Successful, ratio: 99%
                                                                                                                                                                                                      • Number of executed functions: 438
                                                                                                                                                                                                      • Number of non-executed functions: 50
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                      • Execution Graph export aborted for target AppLaunch.exe, PID 2492 because it is empty
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
02:06:59 | API Interceptor | 31x Sleep call for process: AppLaunch.exe modified
                                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2545
                                                                                                                                                                                                                    Entropy (8bit):5.330114603578639
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:MxHKlYHKh3oOfHK7HKhBHKntHo6hAHKzeEHK8THQmHKtXoPHZHpH8HKx1qHxLHqV:iqlYqh3oSq7qLqntI6eqzPqojqo5JcqL
                                                                                                                                                                                                                    MD5:4870BBC48AF7B04D3E7FDC975453CF27
                                                                                                                                                                                                                    SHA1:AEF52988681AC45C04526256982A77436DA7DA6B
                                                                                                                                                                                                                    SHA-256:23963405A980D2B99788D1C2A862D93759F9EC20038919FF5F806B4047215851
                                                                                                                                                                                                                    SHA-512:24A431D305E0C753BC1212C23B6519010FF79293C434E4A007002805F964F4EAEB35ACA1272CA92EB101E81DB678B6155708B43484FFE384C71ADC1DED75D17A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c56
                                                                                                                                                                                                                    File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Entropy (8bit):6.76464316895322
                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                    File name:0OqTUkeaoD.exe
                                                                                                                                                                                                                    File size:276'992 bytes
                                                                                                                                                                                                                    MD5:382539e21e92459eefb0cc4226164c0e
                                                                                                                                                                                                                    SHA1:4fb26a63477bc7f8d4578f16dcf7b46f4b4159c0
                                                                                                                                                                                                                    SHA256:59bd03ba739341928ff4414999e991380142f63c6391d012fc58803902c8c7a3
                                                                                                                                                                                                                    SHA512:2df693c2e62908767b35d50e9a2ff3b3d9941c38b62d690c07fc4c8d6d77c52178692bf3aafb8e18b2307dd6df6b2e4fcfdbcac192caa4cc794af18e2a3f2d73
                                                                                                                                                                                                                    SSDEEP:6144:94Q1lZV//2HP+21rLSYcAOMwuMQb9ycHqfxn/1/b:OQ1ln/AV1yYcFuxycIrb
                                                                                                                                                                                                                    TLSH:91449E4A71C2883AC9333D3646A0F7736A3DB8A58E61A97F33D70B2D4F23648D615536
                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Z...;...;...;..sI...;..sI...;..sI...;..sI...;...;...;...G...;...G...;...G...;..aG...;..aG...;..Rich.;..................PE..L..
                                                                                                                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                    Entrypoint:0x40598f
                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    Subsystem:windows cui
                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                    Time Stamp:0x64EDB4E9 [Tue Aug 29 09:05:45 2023 UTC]
                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                    Import Hash:e88a529caf2666acedc4a4b0f2baa386
                                                                                                                                                                                                                    Signature Valid:
                                                                                                                                                                                                                    Signature Issuer:
                                                                                                                                                                                                                    Signature Validation Error:
                                                                                                                                                                                                                    Error Number:
                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                        Version:
                                                                                                                                                                                                                        Thumbprint MD5:
                                                                                                                                                                                                                        Thumbprint SHA-1:
                                                                                                                                                                                                                        Thumbprint SHA-256:
                                                                                                                                                                                                                        Serial:
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        call 00007FE8117DDEFEh
                                                                                                                                                                                                                        jmp 00007FE8117DD6A9h
                                                                                                                                                                                                                        jmp 00007FE8117DDCA4h
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                                                                        add ecx, eax
                                                                                                                                                                                                                        movzx eax, word ptr [ecx+14h]
                                                                                                                                                                                                                        lea edx, dword ptr [ecx+18h]
                                                                                                                                                                                                                        add edx, eax
                                                                                                                                                                                                                        movzx eax, word ptr [ecx+06h]
                                                                                                                                                                                                                        imul esi, eax, 28h
                                                                                                                                                                                                                        add esi, edx
                                                                                                                                                                                                                        cmp edx, esi
                                                                                                                                                                                                                        je 00007FE8117DD84Bh
                                                                                                                                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                                                                        cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                                                                        jc 00007FE8117DD83Ch
                                                                                                                                                                                                                        mov eax, dword ptr [edx+08h]
                                                                                                                                                                                                                        add eax, dword ptr [edx+0Ch]
                                                                                                                                                                                                                        cmp ecx, eax
                                                                                                                                                                                                                        jc 00007FE8117DD83Eh
                                                                                                                                                                                                                        add edx, 28h
                                                                                                                                                                                                                        cmp edx, esi
                                                                                                                                                                                                                        jne 00007FE8117DD81Ch
                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        mov eax, edx
                                                                                                                                                                                                                        jmp 00007FE8117DD82Bh
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call 00007FE8117DE187h
                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                        je 00007FE8117DD852h
                                                                                                                                                                                                                        mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                                        mov esi, 0042C148h
                                                                                                                                                                                                                        mov edx, dword ptr [eax+04h]
                                                                                                                                                                                                                        jmp 00007FE8117DD836h
                                                                                                                                                                                                                        cmp edx, eax
                                                                                                                                                                                                                        je 00007FE8117DD842h
                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                        mov ecx, edx
                                                                                                                                                                                                                        lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                        jne 00007FE8117DD822h
                                                                                                                                                                                                                        xor al, al
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        mov al, 01h
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                                                                                        jne 00007FE8117DD839h
                                                                                                                                                                                                                        mov byte ptr [0042C14Ch], 00000001h
                                                                                                                                                                                                                        call 00007FE8117DDA28h
                                                                                                                                                                                                                        call 00007FE8117E0723h
                                                                                                                                                                                                                        test al, al
                                                                                                                                                                                                                        jne 00007FE8117DD836h
                                                                                                                                                                                                                        xor al, al
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        call 00007FE8117E7061h
                                                                                                                                                                                                                        test al, al
                                                                                                                                                                                                                        jne 00007FE8117DD83Ch
                                                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                                                        call 00007FE8117E072Ah
                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                        jmp 00007FE8117DD81Bh
                                                                                                                                                                                                                        mov al, 01h
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        cmp byte ptr [0042C14Dh], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2a1fc | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x43a00 | 0x3d60 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x46000 | 0x199c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x288d0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x28810 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1e000 | 0x130 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1c1cb | 0x1c200 | a2d809cd5c9452fa9f397b229b3d71cd | False | 0.5946701388888889 | data | 6.657397697634865 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1e000 | 0xc8d4 | 0xca00 | 748e8514e6c899ca375ff4c7d59511f1 | False | 0.4963644801980198 | data | 5.399485793782281 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2b000 | 0x1c48 | 0x1000 | 9c5e5d9178e339a7917c0fd3e09cb21a | False | 0.180419921875 | data | 2.8593544449054464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Nomm | 0x2d000 | 0x17e00 | 0x17e00 | b0f61bd9d4f27cf6c43fffeea35a13f9 | False | 0.453840804973822 | data | 5.937847379483041 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Home | 0x45000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x46000 | 0x199c | 0x1a00 | bdaffd24b78dddc76d54c8ef5a78a1c7 | False | 0.7765925480769231 | data | 6.539068524712116 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapFree, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/20/24-02:07:00.530319 | TCP | 2049282 | ET TROJAN MetaStealer Activity (Response) | 3306 | 49731 | 116.203.6.63 | 192.168.2.4
04/20/24-02:07:00.315470 | TCP | 2046105 | ET TROJAN Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Outbound) | 49731 | 3306 | 192.168.2.4 | 116.203.6.63
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Apr 20, 2024 02:07:02.809125900 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:02.809150934 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:02.809190035 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:02.809230089 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.020840883 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.020896912 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.020931959 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.020979881 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.021395922 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022460938 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022547007 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022581100 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022614002 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022644997 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022675991 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022835016 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.022983074 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023016930 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023047924 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023080111 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023113012 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023144007 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023144960 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023178101 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023209095 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023287058 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023478031 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023509026 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023545980 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023578882 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023901939 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023933887 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023964882 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.023998022 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.024029970 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.024060965 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.024092913 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.234074116 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.234390974 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.234550953 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236248016 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236283064 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236315966 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236346960 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236380100 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236823082 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236938000 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.236968994 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237003088 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237234116 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237266064 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237772942 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237806082 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237838030 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.237869978 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.238033056 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.238065958 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.238096952 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.239207983 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.239326000 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.447612047 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.447669029 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.447726011 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.447760105 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448297977 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448354006 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448386908 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448421001 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448455095 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448487997 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448522091 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.448992014 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449054003 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449088097 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449120045 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449152946 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449654102 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.449846983 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.451787949 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.451914072 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.451946974 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452178001 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452250957 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452745914 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452779055 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452811956 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452845097 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452877045 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452908993 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.452996969 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.453098059 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.453130007 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.453819036 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.453924894 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.453958035 CEST330649731116.203.6.63192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.454272032 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        Apr 20, 2024 02:07:03.454479933 CEST497313306192.168.2.4116.203.6.63
                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                        Apr 20, 2024 02:06:57.687325001 CEST5590353192.168.2.41.1.1.1
                                                                                                                                                                                                                        Apr 20, 2024 02:06:57.793083906 CEST53559031.1.1.1192.168.2.4
                                                                                                                                                                                                                        Apr 20, 2024 02:06:59.246364117 CEST6170053192.168.2.41.1.1.1
                                                                                                                                                                                                                        Apr 20, 2024 02:06:59.555571079 CEST53617001.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 20, 2024 02:06:57.687325001 CEST | 192.168.2.4 | 1.1.1.1 | 0x4268 | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false |
| Apr 20, 2024 02:06:59.246364117 CEST | 192.168.2.4 | 1.1.1.1 | 0xb47b | Standard query (0) | aktayho.top | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 20, 2024 02:06:57.793083906 CEST | 1.1.1.1 | 192.168.2.4 | 0x4268 | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false |
| Apr 20, 2024 02:06:57.793083906 CEST | 1.1.1.1 | 192.168.2.4 | 0x4268 | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false |
| Apr 20, 2024 02:06:57.793083906 CEST | 1.1.1.1 | 192.168.2.4 | 0x4268 | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false |
| Apr 20, 2024 02:06:59.555571079 CEST | 1.1.1.1 | 192.168.2.4 | 0xb47b | No error (0) | aktayho.top | | 116.203.6.63 | A (IP address) | IN (0x0001) | false |

                                                                                                                                                                                                                        • pastebin.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 104.20.3.235 | 443 | 2492 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |

Timestamp: 2024-04-20 00:06:58 UTC, Bytes transferred: 74, Direction: OUT, Data:
GET /raw/8baCJyMF HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive

Timestamp: 2024-04-20 00:06:58 UTC, Bytes transferred: 391, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 00:06:58 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 19 Apr 2024 14:20:35 GMT
Server: cloudflare
CF-RAY: 8770e4360d7a6767-ATL

Timestamp: 2024-04-20 00:06:58 UTC, Bytes transferred: 38, Direction: IN, Data:
Data Raw: 32 30 0d 0a 44 54 38 64 56 7a 34 78 41 67 67 32 45 56 78 58 42 56 6f 76 55 52 6b 53 4a 42 41 70 44 6c 4e 61 0d 0a
Data Ascii: 20DT8dVz4xAgg2EVxXBVovURkSJBApDlNa

Timestamp: 2024-04-20 00:06:58 UTC, Bytes transferred: 5, Direction: IN, Data:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:02:06:55
                                                                                                                                                                                                                        Start date:20/04/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\0OqTUkeaoD.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\0OqTUkeaoD.exe"
                                                                                                                                                                                                                        Imagebase:0x640000
                                                                                                                                                                                                                        File size:276'992 bytes
                                                                                                                                                                                                                        MD5 hash:382539E21E92459EEFB0CC4226164C0E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                        Start time:02:06:55
                                                                                                                                                                                                                        Start date:20/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:02:06:56
                                                                                                                                                                                                                        Start date:20/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                                                                                                                                                                        Imagebase:0xde0000
                                                                                                                                                                                                                        File size:103'528 bytes
                                                                                                                                                                                                                        MD5 hash:89D41E1CF478A3D3C2C701A27A5692B2
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.1708588426.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1709459784.0000000006901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:4.5%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:2.1%
                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                          Total number of Limit Nodes:44
__EH_prolog3_catch 15262->15263 15264 641e83 ctype 15263->15264 15265 6416d0 51 API calls 15263->15265 15264->15244 15268 641dfd 15265->15268 15266 641e7b 15267 6417aa 51 API calls 15266->15267 15267->15264 15268->15266 15269 641cbc std::ios_base::_Init 43 API calls 15268->15269 15269->15266 15271 64b3e3 _Fputc 15270->15271 15276 64b1af 15271->15276 15273 64b3f8 15274 649d4b _Fputc 41 API calls 15273->15274 15275 64b405 15274->15275 15275->15247 15277 64b1bd 15276->15277 15278 64b1e5 15276->15278 15277->15278 15279 64b1ec 15277->15279 15280 64b1ca 15277->15280 15278->15273 15284 64b108 15279->15284 15281 649f92 _Fputc 29 API calls 15280->15281 15281->15278 15285 64b114 __FrameHandler3::FrameUnwindToState 15284->15285 15292 64a280 EnterCriticalSection 15285->15292 15287 64b122 15293 64b163 15287->15293 15292->15287 15303 65300b 15293->15303 15300 64b157 15338 64a294 LeaveCriticalSection 15300->15338 15302 64b140 15302->15273 15323 652fd0 15303->15323 15305 65301c 15306 64b17b 15305->15306 15307 653151 std::_Locinfo::_Locinfo_dtor 15 API calls 15305->15307 15310 64b226 15306->15310 15308 653076 15307->15308 15309 6500cb ___free_lconv_mon 14 API calls 15308->15309 15309->15306 15311 64b199 15310->15311 15314 64b238 15310->15314 15319 6530b7 15311->15319 15312 64b246 15313 649f92 _Fputc 29 API calls 15312->15313 15313->15311 15314->15311 15314->15312 15316 64b27c ctype _Fputc 15314->15316 15315 64a63a ___scrt_uninitialize_crt 66 API calls 15315->15316 15316->15311 15316->15315 15317 650bc9 _Fputc 41 API calls 15316->15317 15318 6516cc ___scrt_uninitialize_crt 66 API calls 15316->15318 15317->15316 15318->15316 15320 64b12f 15319->15320 15321 6530c2 15319->15321 15320->15300 15321->15320 15322 64a63a ___scrt_uninitialize_crt 66 API calls 15321->15322 15322->15320 15325 652fdc 15323->15325 15324 652ffd 15324->15305 15325->15324 15326 650bc9 _Fputc 41 API calls 15325->15326 15327 652ff7 15326->15327 15329 65a73d 15327->15329 15330 65a757 15329->15330 15331 65a74a 
15329->15331 15334 65a763 15330->15334 15335 64c218 __strnicoll 14 API calls 15330->15335 15332 64c218 __strnicoll 14 API calls 15331->15332 15333 65a74f 15332->15333 15333->15324 15334->15324 15336 65a784 15335->15336 15337 64a00f __strnicoll 41 API calls 15336->15337 15337->15333 15338->15302 15342 641730 15339->15342 15343 6414b1 std::ios_base::_Init 43 API calls 15342->15343 15344 64174f 15343->15344 15351 64152b 15344->15351 15347 641c32 std::ios_base::_Init 41 API calls 15348 641768 15347->15348 15349 645609 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 15348->15349 15350 64168b 15349->15350 15350->15256 15362 64147d 15351->15362 15358 641c32 std::ios_base::_Init 41 API calls 15359 64156e 15358->15359 15360 645609 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 15359->15360 15361 64158d 15360->15361 15361->15347 15363 64149d 15362->15363 15382 641335 15363->15382 15365 6414aa 15366 641b13 15365->15366 15367 641b2d _strlen 15366->15367 15371 641b44 15366->15371 15391 641c63 15367->15391 15368 641c63 std::ios_base::_Init 43 API calls 15370 641b6b 15368->15370 15372 641c32 std::ios_base::_Init 41 API calls 15370->15372 15371->15368 15373 641b73 std::ios_base::_Init 15372->15373 15374 641c32 std::ios_base::_Init 41 API calls 15373->15374 15375 641b86 15374->15375 15376 645609 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 15375->15376 15377 64155b 15376->15377 15378 6416af 15377->15378 15379 6416bc 15378->15379 15380 641629 std::exception::exception 42 API calls 15379->15380 15381 641566 15380->15381 15381->15358 15383 641398 15382->15383 15385 641346 std::ios_base::_Init 15382->15385 15384 641c58 std::ios_base::_Init 43 API calls 15383->15384 15387 64139d 15384->15387 15388 64127a std::ios_base::_Init 43 API calls 15385->15388 15390 641351 std::ios_base::_Init ctype 15385->15390 15386 6413b8 error_info_injector 15386->15365 15387->15386 15389 641ac0 _Deallocate 41 API calls 15387->15389 15388->15390 15389->15386 15390->15365 15392 641ca3 
15391->15392 15394 641c79 std::ios_base::_Init 15391->15394 15395 6413ca 15392->15395 15394->15371 15396 641453 15395->15396 15397 6413e3 std::ios_base::_Init 15395->15397 15398 641c58 std::ios_base::_Init 43 API calls 15396->15398 15400 64127a std::ios_base::_Init 43 API calls 15397->15400 15399 641458 15398->15399 15401 641402 std::ios_base::_Init 15400->15401 15402 64139e _Deallocate 41 API calls 15401->15402 15403 641438 std::ios_base::_Init 15401->15403 15402->15403 15403->15394 15404->15259 15405 64709e 15404->15405 15412 648a4a 15405->15412 15407 6470a3 15407->15259 15409 641ba1 __EH_prolog3_catch 15408->15409 15410 641bdd ctype 15409->15410 15411 641cbc std::ios_base::_Init 43 API calls 15409->15411 15410->15261 15411->15410 15413 648a56 GetLastError 15412->15413 15414 648a53 15412->15414 15417 649bc3 15413->15417 15414->15407 15418 649a62 ___vcrt_FlsGetValue 5 API calls 15417->15418 15419 649bdd 15418->15419 15420 649bf5 TlsGetValue 15419->15420 15421 648a6b SetLastError 15419->15421 15420->15421 15421->15407 16219 641000 16224 64349f 16219->16224 16225 6434ab __EH_prolog3 16224->16225 16227 6440c0 16225->16227 16236 643d96 16227->16236 16229 6440cb 16244 64470e 16229->16244 16231 6440de 16232 6440f7 16231->16232 16233 641cbc std::ios_base::_Init 43 API calls 16231->16233 16234 644103 16232->16234 16248 6451ac 16232->16248 16233->16232 16237 643da2 __EH_prolog3 16236->16237 16238 641cbc std::ios_base::_Init 43 API calls 16237->16238 16239 643dd3 16238->16239 16240 6455cb ctype 43 API calls 16239->16240 16241 643dda 16240->16241 16243 643deb ctype 16241->16243 16253 644d14 16241->16253 16243->16229 16245 64471a __EH_prolog3 16244->16245 16363 64340a 16245->16363 16247 644732 std::ios_base::_Ios_base_dtor ctype 16247->16231 16249 644b31 std::_Lockit::_Lockit 7 API calls 16248->16249 16250 6451bc 16249->16250 16251 644b89 std::_Lockit::~_Lockit 2 API calls 16250->16251 16252 6451fa 16251->16252 16252->16234 16254 644d20 __EH_prolog3 16253->16254 16265 644b31 
16254->16265 16257 644d5c 16287 644b89 16257->16287 16260 644d3e 16277 644e9c 16260->16277 16263 644d9c ctype 16263->16243 16266 644b47 16265->16266 16267 644b40 16265->16267 16269 644b45 16266->16269 16299 6453a6 EnterCriticalSection 16266->16299 16294 64b814 16267->16294 16269->16257 16271 644e79 16269->16271 16272 6455cb ctype 43 API calls 16271->16272 16273 644e84 16272->16273 16274 644e98 16273->16274 16345 644ba8 16273->16345 16274->16260 16278 644ea8 16277->16278 16279 644d46 16277->16279 16348 645354 16278->16348 16281 644c6c 16279->16281 16282 644c7a 16281->16282 16286 644ca5 ctype 16281->16286 16283 644c86 16282->16283 16284 64a0fb _Yarn 14 API calls 16282->16284 16285 64b82b _Yarn 15 API calls 16283->16285 16283->16286 16284->16283 16285->16286 16286->16257 16288 64b822 16287->16288 16289 644b93 16287->16289 16362 64b7fd LeaveCriticalSection 16288->16362 16290 644ba6 16289->16290 16361 6453b4 LeaveCriticalSection 16289->16361 16290->16263 16293 64b829 16293->16263 16300 65086b 16294->16300 16299->16269 16301 65021a std::_Lockit::_Lockit 5 API calls 16300->16301 16302 650870 16301->16302 16321 650234 16302->16321 16309 650282 std::_Lockit::_Lockit 5 API calls 16310 650884 16309->16310 16330 65029c 16310->16330 16320 65089d 16320->16320 16322 650403 std::_Lockit::_Lockit 5 API calls 16321->16322 16323 65024a 16322->16323 16324 65024e 16323->16324 16325 650403 std::_Lockit::_Lockit 5 API calls 16324->16325 16326 650264 16325->16326 16327 650268 16326->16327 16328 650403 std::_Lockit::_Lockit 5 API calls 16327->16328 16329 65027e 16328->16329 16329->16309 16331 650403 std::_Lockit::_Lockit 5 API calls 16330->16331 16332 6502b2 16331->16332 16333 6502b6 16332->16333 16334 650403 std::_Lockit::_Lockit 5 API calls 16333->16334 16335 6502cc 16334->16335 16336 6502d0 16335->16336 16337 650403 std::_Lockit::_Lockit 5 API calls 16336->16337 16338 6502e6 16337->16338 16339 650304 16338->16339 16340 650403 std::_Lockit::_Lockit 5 API calls 16339->16340 16341 65031a 
16340->16341 16342 6502ea 16341->16342 16343 650403 std::_Lockit::_Lockit 5 API calls 16342->16343 16344 650300 16343->16344 16344->16320 16346 644c6c _Yarn 15 API calls 16345->16346 16347 644be2 16346->16347 16347->16260 16349 645364 EncodePointer 16348->16349 16350 64c137 16348->16350 16349->16279 16349->16350 16351 6540da __InternalCxxFrameHandler 2 API calls 16350->16351 16352 64c13c 16351->16352 16353 64c147 16352->16353 16354 65411f __InternalCxxFrameHandler 41 API calls 16352->16354 16355 64c151 IsProcessorFeaturePresent 16353->16355 16356 64c170 16353->16356 16354->16353 16357 64c15d 16355->16357 16358 64d614 __InternalCxxFrameHandler 23 API calls 16356->16358 16359 649e13 __InternalCxxFrameHandler 8 API calls 16357->16359 16360 64c17a 16358->16360 16359->16356 16361->16290 16362->16293 16364 643416 __EH_prolog3 16363->16364 16365 644b31 std::_Lockit::_Lockit 7 API calls 16364->16365 16366 643420 16365->16366 16377 643869 16366->16377 16368 643437 16369 643489 16368->16369 16383 643c30 16368->16383 16370 644b89 std::_Lockit::~_Lockit 2 API calls 16369->16370 16371 643491 ctype 16370->16371 16371->16247 16373 64345a 16373->16369 16374 643499 16373->16374 16393 643e9f 16374->16393 16378 643875 16377->16378 16379 643899 16377->16379 16380 644b31 std::_Lockit::_Lockit 7 API calls 16378->16380 16379->16368 16381 64387f 16380->16381 16382 644b89 std::_Lockit::~_Lockit 2 API calls 16381->16382 16382->16379 16385 643c3c __EH_prolog3 16383->16385 16384 643c8d ctype 16384->16373 16385->16384 16386 6455cb ctype 43 API calls 16385->16386 16387 643c55 ctype 16386->16387 16392 643c7c 16387->16392 16397 6435d3 16387->16397 16390 643c71 16409 64355d 16390->16409 16392->16384 16412 643783 16392->16412 16394 643ead Concurrency::cancel_current_task 16393->16394 16395 646adc CallUnexpected RaiseException 16394->16395 16396 643ebb 16395->16396 16398 6435df __EH_prolog3 16397->16398 16399 644b31 std::_Lockit::_Lockit 7 API calls 16398->16399 16400 6435ec 16399->16400 16401 
643635 16400->16401 16402 643620 16400->16402 16438 643250 16401->16438 16429 644e14 16402->16429 16405 643629 ctype 16405->16390 16485 644f29 16409->16485 16515 644e5f 16412->16515 16415 6437be 16417 6437d1 16415->16417 16418 64a0fb _Yarn 14 API calls 16415->16418 16416 64a0fb _Yarn 14 API calls 16416->16415 16419 6437e2 16417->16419 16420 64a0fb _Yarn 14 API calls 16417->16420 16418->16417 16421 6437f3 16419->16421 16422 64a0fb _Yarn 14 API calls 16419->16422 16420->16419 16423 643804 16421->16423 16424 64a0fb _Yarn 14 API calls 16421->16424 16422->16421 16425 64a0fb _Yarn 14 API calls 16423->16425 16427 643815 16423->16427 16424->16423 16425->16427 16426 644b89 std::_Lockit::~_Lockit 2 API calls 16428 643820 16426->16428 16427->16426 16428->16384 16443 64ba8b 16429->16443 16432 644c6c _Yarn 15 API calls 16433 644e38 16432->16433 16434 644e48 16433->16434 16435 64ba8b std::_Locinfo::_Locinfo_dtor 69 API calls 16433->16435 16436 644c6c _Yarn 15 API calls 16434->16436 16435->16434 16437 644e5c 16436->16437 16437->16405 16482 6431e4 16438->16482 16441 646adc CallUnexpected RaiseException 16442 64326f 16441->16442 16444 65086b std::_Lockit::_Lockit 5 API calls 16443->16444 16445 64ba98 16444->16445 16448 64b836 16445->16448 16449 64b842 __FrameHandler3::FrameUnwindToState 16448->16449 16456 64b7b5 EnterCriticalSection 16449->16456 16451 64b850 16457 64b891 16451->16457 16456->16451 16458 64b9f0 std::_Locinfo::_Locinfo_dtor 69 API calls 16457->16458 16459 64b8ac 16458->16459 16460 64fde0 _unexpected 41 API calls 16459->16460 16476 64b85d 16459->16476 16461 64b8b9 16460->16461 16462 65380c std::_Locinfo::_Locinfo_dtor 43 API calls 16461->16462 16463 64b8de 16462->16463 16464 64b8e5 16463->16464 16465 653151 std::_Locinfo::_Locinfo_dtor 15 API calls 16463->16465 16466 64a03c __Getctype 11 API calls 16464->16466 16464->16476 16467 64b90a 16465->16467 16468 64b9ef 16466->16468 16469 65380c std::_Locinfo::_Locinfo_dtor 43 API calls 16467->16469 16467->16476 16470 64b926 
16469->16470 16471 64b92d 16470->16471 16472 64b948 16470->16472 16471->16464 16473 64b93f 16471->16473 16475 6500cb ___free_lconv_mon 14 API calls 16472->16475 16477 64b973 16472->16477 16474 6500cb ___free_lconv_mon 14 API calls 16473->16474 16474->16476 16475->16477 16479 64b885 16476->16479 16477->16476 16478 6500cb ___free_lconv_mon 14 API calls 16477->16478 16478->16476 16480 64b7fd std::_Lockit::~_Lockit LeaveCriticalSection 16479->16480 16481 644e20 16480->16481 16481->16432 16483 641629 std::exception::exception 42 API calls 16482->16483 16484 6431f6 16483->16484 16484->16441 16486 64bc24 __Getctype 41 API calls 16485->16486 16487 644f32 __Getctype 16486->16487 16488 644f4c 16487->16488 16489 644f6a 16487->16489 16491 64bac3 __Getctype 41 API calls 16488->16491 16490 64bac3 __Getctype 41 API calls 16489->16490 16492 644f53 16490->16492 16491->16492 16493 64bc49 __Getctype 41 API calls 16492->16493 16494 644f7b 16493->16494 16495 643580 16494->16495 16497 64c0d8 16494->16497 16495->16392 16498 64c0e5 16497->16498 16503 64c120 16497->16503 16499 64b82b _Yarn 15 API calls 16498->16499 16500 64c108 16499->16500 16500->16503 16506 653fa8 16500->16506 16503->16495 16504 64a03c __Getctype 11 API calls 16507 653fb6 16506->16507 16508 653fc4 16506->16508 16507->16508 16511 653fde 16507->16511 16509 64c218 __strnicoll 14 API calls 16508->16509 16514 653fce 16509->16514 16510 64a00f __strnicoll 41 API calls 16512 64c119 16510->16512 16511->16512 16513 64c218 __strnicoll 14 API calls 16511->16513 16512->16503 16512->16504 16513->16514 16514->16510 16516 6437af 16515->16516 16517 644e6b 16515->16517 16516->16415 16516->16416 16518 64ba8b std::_Locinfo::_Locinfo_dtor 69 API calls 16517->16518 16518->16516 14482 64580d 14483 645819 __FrameHandler3::FrameUnwindToState 14482->14483 14506 645a14 14483->14506 14485 645820 14486 645979 14485->14486 14495 64584a __InternalCxxFrameHandler ___scrt_release_startup_lock 14485->14495 14541 646116 IsProcessorFeaturePresent 
14486->14541 14488 645980 14521 64d650 14488->14521 14491 64d614 __InternalCxxFrameHandler 23 API calls 14492 64598e 14491->14492 14493 645869 14494 6458ea 14517 64d28e 14494->14517 14495->14493 14495->14494 14524 64d62a 14495->14524 14498 6458f0 14530 646236 GetModuleHandleW 14498->14530 14501 645915 14502 64591e 14501->14502 14532 64d605 14501->14532 14535 645b85 14502->14535 14507 645a1d 14506->14507 14545 645c1c IsProcessorFeaturePresent 14507->14545 14511 645a2e 14512 645a32 14511->14512 14555 64f267 14511->14555 14512->14485 14515 645a49 14515->14485 14518 64d297 14517->14518 14519 64d29c 14517->14519 14627 64cfe8 14518->14627 14519->14498 14986 64d438 14521->14986 14525 64d640 __FrameHandler3::FrameUnwindToState std::_Lockit::_Lockit 14524->14525 14525->14494 14526 64fde0 _unexpected 41 API calls 14525->14526 14528 64f319 14526->14528 14527 64c137 CallUnexpected 41 API calls 14529 64f343 14527->14529 14528->14527 14531 645911 14530->14531 14531->14488 14531->14501 14533 64d438 __InternalCxxFrameHandler 23 API calls 14532->14533 14534 64d610 14533->14534 14534->14502 14536 645b91 14535->14536 14537 645927 14536->14537 15078 64f279 14536->15078 14537->14493 14539 645b9f 14540 64893b ___scrt_uninitialize_crt 7 API calls 14539->14540 14540->14537 14542 64612c __InternalCxxFrameHandler __fread_nolock 14541->14542 14543 6461d7 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14542->14543 14544 646222 __InternalCxxFrameHandler 14543->14544 14544->14488 14546 645a29 14545->14546 14547 64891c 14546->14547 14564 6499f7 14547->14564 14551 64892d 14552 648938 14551->14552 14578 649a33 14551->14578 14552->14511 14554 648925 14554->14511 14618 65a13f 14555->14618 14558 64893b 14559 648944 14558->14559 14560 64894e 14558->14560 14561 648ab4 ___vcrt_uninitialize_ptd 6 API calls 14559->14561 14560->14512 14562 648949 14561->14562 14563 649a33 ___vcrt_uninitialize_locks DeleteCriticalSection 14562->14563 14563->14560 14565 649a00 14564->14565 14567 
649a29 14565->14567 14568 648921 14565->14568 14582 649c3c 14565->14582 14569 649a33 ___vcrt_uninitialize_locks DeleteCriticalSection 14567->14569 14568->14554 14570 648a81 14568->14570 14569->14568 14599 649b4d 14570->14599 14575 648ab1 14575->14551 14577 648a96 14577->14551 14579 649a5d 14578->14579 14580 649a3e 14578->14580 14579->14554 14581 649a48 DeleteCriticalSection 14580->14581 14581->14579 14581->14581 14587 649a62 14582->14587 14585 649c74 InitializeCriticalSectionAndSpinCount 14586 649c5f 14585->14586 14586->14565 14588 649a7f 14587->14588 14589 649a83 14587->14589 14588->14585 14588->14586 14589->14588 14590 649aeb GetProcAddress 14589->14590 14592 649adc 14589->14592 14594 649b02 LoadLibraryExW 14589->14594 14590->14588 14592->14590 14593 649ae4 FreeLibrary 14592->14593 14593->14590 14595 649b19 GetLastError 14594->14595 14596 649b49 14594->14596 14595->14596 14597 649b24 ___vcrt_FlsGetValue 14595->14597 14596->14589 14597->14596 14598 649b3a LoadLibraryExW 14597->14598 14598->14589 14600 649a62 ___vcrt_FlsGetValue 5 API calls 14599->14600 14601 649b67 14600->14601 14602 649b80 TlsAlloc 14601->14602 14603 648a8b 14601->14603 14603->14577 14604 649bfe 14603->14604 14605 649a62 ___vcrt_FlsGetValue 5 API calls 14604->14605 14606 649c18 14605->14606 14607 649c33 TlsSetValue 14606->14607 14608 648aa4 14606->14608 14607->14608 14608->14575 14609 648ab4 14608->14609 14610 648ac4 14609->14610 14611 648abe 14609->14611 14610->14577 14613 649b88 14611->14613 14614 649a62 ___vcrt_FlsGetValue 5 API calls 14613->14614 14615 649ba2 14614->14615 14616 649bba TlsFree 14615->14616 14617 649bae 14615->14617 14616->14617 14617->14610 14619 65a14f 14618->14619 14620 645a3b 14618->14620 14619->14620 14622 650a8d 14619->14622 14620->14515 14620->14558 14623 650a94 14622->14623 14624 650ad7 GetStdHandle 14623->14624 14625 650b39 14623->14625 14626 650aea GetFileType 14623->14626 14624->14623 14625->14619 14626->14623 14628 64cff1 14627->14628 14631 64d007 14627->14631 
14628->14631 14633 64d014 14628->14633 14630 64cffe 14630->14631 14650 64d17f 14630->14650 14631->14519 14634 64d020 14633->14634 14635 64d01d 14633->14635 14658 6573fb 14634->14658 14635->14630 14640 64d031 14642 6500cb ___free_lconv_mon 14 API calls 14640->14642 14641 64d03d 14685 64d06e 14641->14685 14644 64d037 14642->14644 14644->14630 14646 6500cb ___free_lconv_mon 14 API calls 14647 64d061 14646->14647 14648 6500cb ___free_lconv_mon 14 API calls 14647->14648 14649 64d067 14648->14649 14649->14630 14651 64d1f0 14650->14651 14656 64d18e 14650->14656 14651->14631 14652 650105 __strnicoll 14 API calls 14652->14656 14653 64d1f4 14655 6500cb ___free_lconv_mon 14 API calls 14653->14655 14654 65634b WideCharToMultiByte std::_Locinfo::_Locinfo_dtor 14654->14656 14655->14651 14656->14651 14656->14652 14656->14653 14656->14654 14657 6500cb ___free_lconv_mon 14 API calls 14656->14657 14657->14656 14659 657404 14658->14659 14663 64d026 14658->14663 14707 64fe9b 14659->14707 14664 6576fd GetEnvironmentStringsW 14663->14664 14665 657715 14664->14665 14670 64d02b 14664->14670 14666 65634b std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 14665->14666 14667 657732 14666->14667 14668 657747 14667->14668 14669 65773c FreeEnvironmentStringsW 14667->14669 14671 653151 std::_Locinfo::_Locinfo_dtor 15 API calls 14668->14671 14669->14670 14670->14640 14670->14641 14672 65774e 14671->14672 14673 657767 14672->14673 14674 657756 14672->14674 14676 65634b std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 14673->14676 14675 6500cb ___free_lconv_mon 14 API calls 14674->14675 14677 65775b FreeEnvironmentStringsW 14675->14677 14678 657777 14676->14678 14677->14670 14679 657786 14678->14679 14680 65777e 14678->14680 14681 6500cb ___free_lconv_mon 14 API calls 14679->14681 14682 6500cb ___free_lconv_mon 14 API calls 14680->14682 14683 657784 FreeEnvironmentStringsW 14681->14683 14682->14683 14683->14670 14686 64d083 14685->14686 14687 650105 __strnicoll 14 API calls 14686->14687 14688 64d0aa 
14687->14688 14689 64d0b2 14688->14689 14698 64d0bc 14688->14698 14690 6500cb ___free_lconv_mon 14 API calls 14689->14690 14706 64d044 14690->14706 14691 64d119 14692 6500cb ___free_lconv_mon 14 API calls 14691->14692 14692->14706 14693 650105 __strnicoll 14 API calls 14693->14698 14694 64d128 14980 64d150 14694->14980 14696 64f344 ___std_exception_copy 41 API calls 14696->14698 14698->14691 14698->14693 14698->14694 14698->14696 14699 64d143 14698->14699 14701 6500cb ___free_lconv_mon 14 API calls 14698->14701 14702 64a03c __Getctype 11 API calls 14699->14702 14700 6500cb ___free_lconv_mon 14 API calls 14703 64d135 14700->14703 14701->14698 14704 64d14f 14702->14704 14705 6500cb ___free_lconv_mon 14 API calls 14703->14705 14705->14706 14706->14646 14708 64fea6 14707->14708 14712 64feac 14707->14712 14709 650614 __strnicoll 6 API calls 14708->14709 14709->14712 14710 650653 __strnicoll 6 API calls 14711 64fec6 14710->14711 14713 64feca 14711->14713 14714 64feb2 14711->14714 14712->14710 14712->14714 14717 650105 __strnicoll 14 API calls 14713->14717 14715 64c137 CallUnexpected 41 API calls 14714->14715 14716 64feb7 14714->14716 14719 64ff30 14715->14719 14735 657206 14716->14735 14718 64fed6 14717->14718 14720 64fef3 14718->14720 14721 64fede 14718->14721 14723 650653 __strnicoll 6 API calls 14720->14723 14722 650653 __strnicoll 6 API calls 14721->14722 14724 64feea 14722->14724 14725 64feff 14723->14725 14728 6500cb ___free_lconv_mon 14 API calls 14724->14728 14726 64ff12 14725->14726 14727 64ff03 14725->14727 14730 64fc0e __strnicoll 14 API calls 14726->14730 14729 650653 __strnicoll 6 API calls 14727->14729 14731 64fef0 14728->14731 14729->14724 14732 64ff1d 14730->14732 14731->14714 14733 6500cb ___free_lconv_mon 14 API calls 14732->14733 14734 64ff24 14733->14734 14734->14716 14758 65735b 14735->14758 14742 657270 14783 657456 14742->14783 14743 657262 14744 6500cb ___free_lconv_mon 14 API calls 14743->14744 14746 657249 14744->14746 14746->14663 14748 6572a8 
14749 64c218 __strnicoll 14 API calls 14748->14749 14751 6572ad 14749->14751 14750 6572ef 14753 657338 14750->14753 14794 656e78 14750->14794 14754 6500cb ___free_lconv_mon 14 API calls 14751->14754 14752 6572c3 14752->14750 14755 6500cb ___free_lconv_mon 14 API calls 14752->14755 14757 6500cb ___free_lconv_mon 14 API calls 14753->14757 14754->14746 14755->14750 14757->14746 14759 657367 __FrameHandler3::FrameUnwindToState 14758->14759 14760 657381 14759->14760 14802 64b7b5 EnterCriticalSection 14759->14802 14762 657230 14760->14762 14764 64c137 CallUnexpected 41 API calls 14760->14764 14769 656f86 14762->14769 14765 6573fa 14764->14765 14766 657391 14767 6500cb ___free_lconv_mon 14 API calls 14766->14767 14768 6573bd 14766->14768 14767->14768 14803 6573da 14768->14803 14807 64c22b 14769->14807 14772 656fa7 GetOEMCP 14775 656fd0 14772->14775 14773 656fb9 14774 656fbe GetACP 14773->14774 14773->14775 14774->14775 14775->14746 14776 653151 14775->14776 14777 65318f 14776->14777 14782 65315f __strnicoll 14776->14782 14778 64c218 __strnicoll 14 API calls 14777->14778 14780 65318d 14778->14780 14779 65317a RtlAllocateHeap 14779->14780 14779->14782 14780->14742 14780->14743 14781 64ca6c ctype 2 API calls 14781->14782 14782->14777 14782->14779 14782->14781 14784 656f86 43 API calls 14783->14784 14785 657476 14784->14785 14787 6574b3 IsValidCodePage 14785->14787 14792 6574ef __fread_nolock 14785->14792 14786 645609 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14788 65729d 14786->14788 14789 6574c5 14787->14789 14787->14792 14788->14748 14788->14752 14790 6574f4 GetCPInfo 14789->14790 14793 6574ce __fread_nolock 14789->14793 14790->14792 14790->14793 14792->14786 14876 65705a 14793->14876 14795 656e84 __FrameHandler3::FrameUnwindToState 14794->14795 14954 64b7b5 EnterCriticalSection 14795->14954 14797 656e8e 14955 656ec5 14797->14955 14802->14766 14806 64b7fd LeaveCriticalSection 14803->14806 14805 6573e1 14805->14760 14806->14805 14808 64c242 14807->14808 14809 
64c249 14807->14809 14808->14772 14808->14773 14809->14808 14815 64fde0 GetLastError 14809->14815 14816 64fdf6 14815->14816 14817 64fdfc 14815->14817 14818 650614 __strnicoll 6 API calls 14816->14818 14819 650653 __strnicoll 6 API calls 14817->14819 14821 64fe00 SetLastError 14817->14821 14818->14817 14820 64fe18 14819->14820 14820->14821 14823 650105 __strnicoll 14 API calls 14820->14823 14825 64fe95 14821->14825 14826 64c26a 14821->14826 14824 64fe2d 14823->14824 14828 64fe35 14824->14828 14829 64fe46 14824->14829 14827 64c137 CallUnexpected 39 API calls 14825->14827 14842 65384a 14826->14842 14830 64fe9a 14827->14830 14831 650653 __strnicoll 6 API calls 14828->14831 14832 650653 __strnicoll 6 API calls 14829->14832 14834 64fe43 14831->14834 14833 64fe52 14832->14833 14835 64fe56 14833->14835 14836 64fe6d 14833->14836 14838 6500cb ___free_lconv_mon 14 API calls 14834->14838 14837 650653 __strnicoll 6 API calls 14835->14837 14839 64fc0e __strnicoll 14 API calls 14836->14839 14837->14834 14838->14821 14840 64fe78 14839->14840 14841 6500cb ___free_lconv_mon 14 API calls 14840->14841 14841->14821 14843 64c280 14842->14843 14844 65385d 14842->14844 14846 6538a8 14843->14846 14844->14843 14850 658d91 14844->14850 14847 6538d0 14846->14847 14848 6538bb 14846->14848 14847->14808 14848->14847 14871 657443 14848->14871 14851 658d9d __FrameHandler3::FrameUnwindToState 14850->14851 14852 64fde0 _unexpected 41 API calls 14851->14852 14853 658da6 14852->14853 14854 658dec 14853->14854 14863 64b7b5 EnterCriticalSection 14853->14863 14854->14843 14856 658dc4 14864 658e12 14856->14864 14861 64c137 CallUnexpected 41 API calls 14862 658e11 14861->14862 14863->14856 14865 658e20 __Getctype 14864->14865 14867 658dd5 14864->14867 14866 658b45 __Getctype 14 API calls 14865->14866 14865->14867 14866->14867 14868 658df1 14867->14868 14869 64b7fd std::_Lockit::~_Lockit LeaveCriticalSection 14868->14869 14870 658de8 14869->14870 14870->14854 14870->14861 14872 64fde0 _unexpected 41 API 

Control-flow Graph

APIs
• CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0064190C
Strings
• C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00641907
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID: CreateProcess
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
• API String ID: 963392458-448403072
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 69 641996-641997 70 6419a3-641a09 ReadProcessMemory VirtualAllocEx call 641eda WriteProcessMemory 69->70 71 64199e call 641eda 69->71 74 641a19-641a26 70->74 75 641a0b-641a14 call 641eda * 2 70->75 71->70 76 641a73-641ab9 WriteProcessMemory Wow64SetThreadContext call 641eda ResumeThread 74->76 77 641a28-641a2b 74->77 89 6418f5 75->89 90 6418f7-641910 CreateProcessA 75->90 84 641abb-641abf 76->84 79 641a2d-641a6e WriteProcessMemory 77->79 79->79 82 641a70 79->82 82->76 89->90 90->84 91 641916 90->91 92 64191c-641931 call 641eda 91->92 93 641918 91->93 97 641937-641978 VirtualAllocEx call 641eda * 2 92->97 98 641933 92->98 93->92 94 64191a 93->94 94->92 104 64197e-641986 Wow64GetThreadContext 97->104 105 64197a 97->105 98->97 99 641935 98->99 99->97 104->84 107 64198c-64198f 104->107 105->104 106 64197c 105->106 106->104 108 641991 107->108 109 641993-64199e call 641eda 107->109 108->109 109->70
APIs
• CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0064190C
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 006419BA
• VirtualAllocEx.KERNELBASE(?,00400000,0001E000,00003000,00000040), ref: 006419D2
• WriteProcessMemory.KERNELBASE(?,?,0066D000,00000200,?), ref: 00641A01
• WriteProcessMemory.KERNELBASE(?,00000053,-0066CA2E,0001A000,00000000), ref: 00641A56
• WriteProcessMemory.KERNELBASE(?,?,0066D0B4,00000004,00000000), ref: 00641A8B
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00641AA1
• ResumeThread.KERNELBASE(?), ref: 00641AB9
Strings
• C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00641907
Yara matches
Similarity
• API ID: Process$Memory$Write$Thread$AllocContextCreateReadResumeVirtualWow64
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
• API String ID: 353159731-448403072
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,73E09E45,?,00650445,?,?,00000000,00000000), ref: 006503F9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00653DF8
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00653EB9
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00653F20
                                                                                                                                                                                                                            • Part of subcall function 00653151: RtlAllocateHeap.NTDLL(00000000,00643241,?,?,00646A84,?,?,?,?,?,00641655,00643241,?,?,?,?), ref: 00653183
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00653F35
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00653F45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1423051803-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LCMapStringEx.KERNELBASE(?,00653E5F,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00650806
                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00653E5F,?,?,00000000,?,00000000), ref: 00650824
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: String
                                                                                                                                                                                                                          • String ID: <>d
                                                                                                                                                                                                                          • API String ID: 2568140703-3643440090
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,0064D4C9,00000000,00649E12,?,?,73E09E45,00649E12,?), ref: 0064D4E0
                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0064D4C9,00000000,00649E12,?,?,73E09E45,00649E12,?), ref: 0064D4E7
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0064D4F9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00650F1E: GetConsoleOutputCP.KERNEL32(73E09E45,00000000,00000000,00000000), ref: 00650F81
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,0066A080,00000000,0000000C,00000000,00000000,?,00000000,0066A080,00000010,0064B347,00000000,00000000,00000000), ref: 0065193D
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 00651947
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2915228174-0
                                                                                                                                                                                                                          • Opcode ID: 26f1e93c2ae7c7439f9af3889018fedbc099529c2147971cb74f0e8244407b8c
                                                                                                                                                                                                                          • Instruction ID: 5cc4f051fa21f4b458cb771e28b8d8b6a1d263c215516df8cd0c92413706e3d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f1e93c2ae7c7439f9af3889018fedbc099529c2147971cb74f0e8244407b8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4561A571D00149AFDF11CFA8C844BEEBBBAAF0A315F144059EC54AF252D375DA49CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00656F86: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 00656FB1
                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,0065729D,?,00000000,?,00000000,?), ref: 006574B7
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,0065729D,?,00000000,?,00000000,?), ref: 006574F9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CodeInfoPageValid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 546120528-0
                                                                                                                                                                                                                          • Opcode ID: cec3edac7ab8c230a2b1ff55799ba915397b28f1f96bdd94a0099f817ee8b195
                                                                                                                                                                                                                          • Instruction ID: 2c2c07b298e649196309deac75cca1a283a2a2a7ce70b561c9e2063c6f3aa98a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cec3edac7ab8c230a2b1ff55799ba915397b28f1f96bdd94a0099f817ee8b195
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A551F570A047459FDB20CF39E880AEABBE7EF45301F14456ED896CB351EB749949CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog3_catch_strlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3133806014-0
                                                                                                                                                                                                                          • Opcode ID: 6a5b63261f3d76bee2cda47f4f04ad202b25df3a4bd5d9a7ae66ba5a276b16d3
                                                                                                                                                                                                                          • Instruction ID: 0d3f60e9e69de110e4db1022efa845ff38c50f837a9d63546abd7cd8b5232027
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a5b63261f3d76bee2cda47f4f04ad202b25df3a4bd5d9a7ae66ba5a276b16d3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70516271E005148FCB60DF6CC8809ADBBF3AF4A324B254259EA25EF392D7319D81CB54
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,00651923,00000000,00000000,00000000,?,0000000C,00000000), ref: 00651472
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00651923,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,0066A080,00000010,0064B347,00000000,00000000), ref: 00651498
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 372 650a8d-650a92 373 650a94-650aac 372->373 374 650aae-650ab2 373->374 375 650aba-650ac3 373->375 374->375 376 650ab4-650ab8 374->376 377 650ad5 375->377 378 650ac5-650ac8 375->378 379 650b2f-650b33 376->379 382 650ad7-650ae4 GetStdHandle 377->382 380 650ad1-650ad3 378->380 381 650aca-650acf 378->381 379->373 383 650b39-650b3c 379->383 380->382 381->382 384 650ae6-650ae8 382->384 385 650b11-650b23 382->385 384->385 386 650aea-650af3 GetFileType 384->386 385->379 387 650b25-650b28 385->387 386->385 388 650af5-650afe 386->388 387->379 389 650b06-650b09 388->389 390 650b00-650b04 388->390 389->379 391 650b0b-650b0f 389->391 390->379 391->379
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00650AD9
                                                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 00650AEB
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3000768030-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 400 65705a-65707c 401 657195-6571bb 400->401 402 657082-657094 GetCPInfo 400->402 404 6571c0-6571c5 401->404 402->401 403 65709a-6570a1 402->403 407 6570a3-6570ad 403->407 405 6571c7-6571cd 404->405 406 6571cf-6571d5 404->406 408 6571dd-6571df 405->408 409 6571d7-6571da 406->409 410 6571e1 406->410 407->407 411 6570af-6570c2 407->411 412 6571e3-6571f5 408->412 409->408 410->412 413 6570e3-6570e5 411->413 412->404 416 6571f7-657205 call 645609 412->416 414 6570c4-6570cb 413->414 415 6570e7-65711e call 653c68 call 653f5f 413->415 419 6570da-6570dc 414->419 426 657123-657158 call 653f5f 415->426 422 6570cd-6570cf 419->422 423 6570de-6570e1 419->423 422->423 425 6570d1-6570d9 422->425 423->413 425->419 429 65715a-657164 426->429 430 657166-657170 429->430 431 657172-657174 429->431 432 657184-657191 430->432 433 657176-657180 431->433 434 657182 431->434 432->429 435 657193 432->435 433->432 434->432 435->416
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(E8458D00,?,006572A9,0065729D,00000000), ref: 0065708C
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Info
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1807457897-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 436 650403-65042b 437 650431-650433 436->437 438 65042d-65042f 436->438 440 650435-650437 437->440 441 650439-650440 call 650338 437->441 439 650482-650485 438->439 440->439 443 650445-650449 441->443 444 650468-65047f 443->444 445 65044b-650459 GetProcAddress 443->445 447 650481 444->447 445->444 446 65045b-650466 call 64cc50 445->446 446->447 447->439
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 450 642086-64209a call 6456e0 453 64209c 450->453 454 64209e-6420bd call 641e90 call 641eda 450->454 453->454 459 6420c1-6420ce 454->459 460 6420bf 454->460 461 6420d0 459->461 462 6420d2-6420da FindCloseChangeNotification 459->462 460->459 461->462 463 6420f0-642106 462->463
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00643241,?,?,00646A84,?,?,?,?,?,00641655,00643241,?,?,?,?), ref: 00653183
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00659FCE
                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 0065A017
                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 0065A026
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0065A06E
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0065A08D
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                          • String ID: t#f
                                                                                                                                                                                                                          • API String ID: 415426439-3066145426
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,?,?,?,?,0064DE82,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0065961F
                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0064DE82,?,?,?,00000055,?,-00000050,?,?), ref: 0065964A
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 006597AD
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                          • String ID: t#f$utf8
                                                                                                                                                                                                                          • API String ID: 607553120-1295901212
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,0065A00B,00000002,00000000,?,?,?,0065A00B,?,00000000), ref: 00659D86
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,0065A00B,00000002,00000000,?,?,?,0065A00B,?,00000000), ref: 00659DAF
                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,0065A00B,?,00000000), ref: 00659DC4
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00646122
                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 006461EE
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0064620E
                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00646218
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006599C5
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00659A0F
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00659AD5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 661929714-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00649F0B
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00649F15
                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00649F22
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0064E9E8,?,20001004,00000000,00000002,?,?,0064DFEA), ref: 006506C9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                          • String ID: <>d
                                                                                                                                                                                                                          • API String ID: 2299586839-3643440090
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,006546AB,?,?,?,?,?,?,00000000), ref: 006548DD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00645C32
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4be172e7f5aada68f82ec05e5dab398055318d477512c6825d38186b2eee1fff
                                                                                                                                                                                                                          • Instruction ID: 533fae3f6f76124e628e99c4649d076d466ae233c2d4ce986f0499f024c95764
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4be172e7f5aada68f82ec05e5dab398055318d477512c6825d38186b2eee1fff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E41A375804219AEDB20DF68CC89AEAB7B9AF45305F5442DDF858E3201EA319E84CF14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00659C18
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                          • Opcode ID: 23f75ccf9ccc1283c0d6fe93bbabad687771129cf461b4dca42a6b9f066d5575
                                                                                                                                                                                                                          • Instruction ID: dfc54afc524064c43c9ff457ece23db6c8982f057ea59b3e4fc08055e38d5c9a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23f75ccf9ccc1283c0d6fe93bbabad687771129cf461b4dca42a6b9f066d5575
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A921B072604206EBDB289F64DC42ABA73EAEF05302F10407EFD02C7251EB34AD08CB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00659971,00000001,00000000,?,-00000050,?,00659FA2,00000000,?,?,?,00000055,?), ref: 006598BD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                          • Opcode ID: fe7161cf7327e93689e3f06be87b8ec5082b334482f1b9ed127c87e50dc65b5d
                                                                                                                                                                                                                          • Instruction ID: 1275da5ff237d23bb69438a13bae54db889a86ab6c56d21a3095d495ce1865ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe7161cf7327e93689e3f06be87b8ec5082b334482f1b9ed127c87e50dc65b5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 811106362007019FDB189F39C8915BAB7A2FF80369F18482DED8747B40D771A906C750
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00659B8D,00000000,00000000,?), ref: 00659E1F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                          • Opcode ID: d857e007038ca2df9007225de15249b89586c1a4c027e0a329fd6afd4bf49691
                                                                                                                                                                                                                          • Instruction ID: 73fd336753aa4949a78797ac7bcdea961ce35d67733192e2a8ef5e1c613229eb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d857e007038ca2df9007225de15249b89586c1a4c027e0a329fd6afd4bf49691
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3F08632600111EBDB289B658C066FE7769EF41B55F154428EC1AA3280EA74FD45C5B4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
                                                                                                                                                                                                                            • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00659BC4,00000001,00000000,?,-00000050,?,00659F66,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00659930
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                          • Opcode ID: 5ba9dc0ea4009f7043e73017b78d5c2221029a112a91828aaf84986135ef204f
                                                                                                                                                                                                                          • Instruction ID: 13d7ea7a67f9ed295b7e7734585c5020ed8718d210dfdb0aef93fb8480946393
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ba9dc0ea4009f7043e73017b78d5c2221029a112a91828aaf84986135ef204f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DF0F6363003049FDB249F35DC81ABBBB96FF803A9F09442DFD494B680D6B19C02CA60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0064B7B5: EnterCriticalSection.KERNEL32(?,?,0064FAB8,?,00669F60,00000008,0064FC7C,?,?,?), ref: 0064B7C4
                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00650162,00000001,00669FE0,0000000C,00650591,00000000), ref: 006501A7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1272433827-0
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0064FDE0: GetLastError.KERNEL32(?,00000008,006542E6,00000000,00649F90), ref: 0064FDE4
  • Part of subcall function 0064FDE0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 0064FE86
• EnumSystemLocalesW.KERNEL32(00659759,00000001,00000000,?,?,00659FC4,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00659837
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00006284,00645800), ref: 0064627D
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
• Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3471368781-0
                                                                                                                                                                                                                          • Opcode ID: 4bd7c0e638e8da59902e29a53d64e4a4cfc544b414693f931908b9fe523e4a55
                                                                                                                                                                                                                          • Instruction ID: b58aa43161e169db51c6504f427cae317531d6b74f7b24086d801f16e9f49e77
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bd7c0e638e8da59902e29a53d64e4a4cfc544b414693f931908b9fe523e4a55
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04B1E635500706DBDB389B65CC92AF7B3EAEF44309F54452DED83C6680EA75E989CB20
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3487c9dc40a5ec98afc308851ecfb0ab3da4c62528ad4a120292d19efbf15404
                                                                                                                                                                                                                          • Instruction ID: 7f729eee1bb415d2bc2679ceeb664c80979a063241c992b577aba92577a3b6bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3487c9dc40a5ec98afc308851ecfb0ab3da4c62528ad4a120292d19efbf15404
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C12136726043564FC768CF78995502BBBEAEBCA650F04092EF951CF341E231EA08CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0064337C
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00643386
                                                                                                                                                                                                                          • int.LIBCPMT ref: 0064339D
                                                                                                                                                                                                                            • Part of subcall function 00643869: std::_Lockit::_Lockit.LIBCPMT ref: 0064387A
                                                                                                                                                                                                                            • Part of subcall function 00643869: std::_Lockit::~_Lockit.LIBCPMT ref: 00643894
                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 006433C0
                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006433D7
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006433F7
                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00643404
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                          • String ID: <>d
                                                                                                                                                                                                                          • API String ID: 2133458128-3643440090
                                                                                                                                                                                                                          • Opcode ID: ba7ac2d2015f2b90567dbb2ce4739a2ef8aae19e211fea7f85eb70e8ada214b3
                                                                                                                                                                                                                          • Instruction ID: c63691d12a5007f2ed9aff5233c067c95375ad9bc9c0c4eb60bf058fa06eea57
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba7ac2d2015f2b90567dbb2ce4739a2ef8aae19e211fea7f85eb70e8ada214b3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B01C435910529CBCB45EFA4D8467ADBBA7BF44320F25040DE411A7392CF709F018B85
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 00648E45
                                                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 00648F53
                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 006490A5
                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 006490C0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 2751267872-393685449
                                                                                                                                                                                                                          • Opcode ID: dd0a2b19d5f92dfafb36a5812e320b10d6670dcb0abab751bc3057eb4130491f
                                                                                                                                                                                                                          • Instruction ID: b708ed26f920a2369080cd4322239e8aaaacd18d6204d134bd2dd8a20cd51daa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd0a2b19d5f92dfafb36a5812e320b10d6670dcb0abab751bc3057eb4130491f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59B17471C00209EFCF29DFA4C8819EEBBB6FF54310B14415EE9156B216DB31EA51CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 0-3907804496
                                                                                                                                                                                                                          • Opcode ID: f73a1af1cb29b4ddc8ddf3215fa51ca7b7abc718210df615366bc807c8efe961
                                                                                                                                                                                                                          • Instruction ID: 26f244edca5054f37e9111e957a357b86d20ecc186e1cae396060800d4b09af6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f73a1af1cb29b4ddc8ddf3215fa51ca7b7abc718210df615366bc807c8efe961
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBB11970A0024AAFDB51DF98C8A1BBE7BB3BF46311F144259EC419B392C7B19E45CB61
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00646F77
                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00646F7F
                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00647008
                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00647033
                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00647088
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                          • String ID: <>d$csm
                                                                                                                                                                                                                          • API String ID: 1170836740-2508751008
                                                                                                                                                                                                                          • Opcode ID: cb0cb78b8ff5e5f6a729b4a7c270207de0abf34dd031f2ed7cb36b03bc2f8fb0
                                                                                                                                                                                                                          • Instruction ID: a41f18aa3f5ba22cb4cf3639344f2d857846b25139222948717937476f998e76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb0cb78b8ff5e5f6a729b4a7c270207de0abf34dd031f2ed7cb36b03bc2f8fb0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0841B474A05218EFCF10DF68C881AAEBFA7EF46324F148459F8159B392D732E945CB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00A90540,00A90540,?,7FFFFFFF,?,0065C5E9,00A90540,00A90540,?,00A90540,?,?,?,?,00A90540,?), ref: 0065C3BF
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0065C47A
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0065C509
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0065C554
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0065C55A
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0065C590
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0065C596
                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0065C5A6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 127012223-0
                                                                                                                                                                                                                          • Opcode ID: b3655bbb0a4f6a41a1cf3c2d2c229fda25683cbe546fe1acb3f9ac6834c3de19
                                                                                                                                                                                                                          • Instruction ID: e2bc8be33aee61fa50bb80ed124d57e25a4a69948a7d020d9f46cce30de2e408
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3655bbb0a4f6a41a1cf3c2d2c229fda25683cbe546fe1acb3f9ac6834c3de19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A71E272900309AFDF209EA4CC52FFE77A79F85722F680059ED05A7381E634ED598764
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0064542A
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00645456
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00645495
                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006454B2
                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006454F1
                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 0064550E
                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00645550
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00645573
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2040435927-0
                                                                                                                                                                                                                          • Opcode ID: 1e7b122f02da17cc2fa27962886d15da8cbbf62bdbba9ccabf56dca04a6ca248
                                                                                                                                                                                                                          • Instruction ID: 876690cae7882279b86f8f8c7503d32ffaba06531ee6b8446b87aefbebbc2b82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e7b122f02da17cc2fa27962886d15da8cbbf62bdbba9ccabf56dca04a6ca248
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE51BF72900616AFEF24AF64CC40FFB7BABEF44751F144029F906AA292D7708D518B60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,73E09E45,?,?,00000000,0065CF9D,000000FF,?,0064D4F5,?,?,0064D4C9,00000000), ref: 0064D59A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0064D5AC
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,0065CF9D,000000FF,?,0064D4F5,?,?,0064D4C9,00000000), ref: 0064D5CE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                          • String ID: <>d$CorExitProcess$mscoree.dll
                                                                                                                                                                                                                          • API String ID: 4061214504-1410337859
                                                                                                                                                                                                                          • Opcode ID: 64ff26274068cd5e2b1fec7b011e5223effd021453e10e74da2d504d46c17b4d
                                                                                                                                                                                                                          • Instruction ID: 621ee6c0dbcb37c842cb78203d27a051c8b3c565d5a34776f982b2b5e1c4bdb0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64ff26274068cd5e2b1fec7b011e5223effd021453e10e74da2d504d46c17b4d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18018631954759EFDF158F50CC09BAEBBBAFB44B25F010525F811E22D0EBB59A04CA50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,006489AF,00647281,006462C8), ref: 006489C6
                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 006489D4
                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006489ED
                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,006489AF,00647281,006462C8), ref: 00648A3F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                          • Opcode ID: cb45a3f0b1c9696cdbbdd9c7a19e7d52c923b1ec5dfc1f04433914d68921b4e6
                                                                                                                                                                                                                          • Instruction ID: da02af82a74ce02dae979688ca51805b6559955d2dcb69509169eb4017eb5bd6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb45a3f0b1c9696cdbbdd9c7a19e7d52c923b1ec5dfc1f04433914d68921b4e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F801D43320D715AEA76827787D85AAF2B47EB11779720132EF120926E0FFD24C815158
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00643411
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0064341B
                                                                                                                                                                                                                          • int.LIBCPMT ref: 00643432
                                                                                                                                                                                                                            • Part of subcall function 00643869: std::_Lockit::_Lockit.LIBCPMT ref: 0064387A
                                                                                                                                                                                                                            • Part of subcall function 00643869: std::_Lockit::~_Lockit.LIBCPMT ref: 00643894
                                                                                                                                                                                                                          • ctype.LIBCPMT ref: 00643455
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0064348C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3358926169-0
                                                                                                                                                                                                                          • Opcode ID: c8d6182da23e9b9e179772a5a6ba20b43dc8920a2af662d56a08bdda242fa943
                                                                                                                                                                                                                          • Instruction ID: 2df6e8210d355be6db03cabe3aa7ba1ee29234137f6ee0b22e81f79a118a245c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8d6182da23e9b9e179772a5a6ba20b43dc8920a2af662d56a08bdda242fa943
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BF09A3591092A9BCB45EBA0C9467FE7667AF10721F51050DF8116B3E2DF348B058B88
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                          • String ID: <>d
                                                                                                                                                                                                                          • API String ID: 1740715915-3643440090
                                                                                                                                                                                                                          • Opcode ID: e020dd98d7ec2ea7910d2dec7fcf7b636608eef29ac92810b4f4ea4eb2a33cb1
                                                                                                                                                                                                                          • Instruction ID: bc989e7705102dc56d294a9b93afbccb883767b59ba3e910c91265bcc0eba398
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e020dd98d7ec2ea7910d2dec7fcf7b636608eef29ac92810b4f4ea4eb2a33cb1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3051E0B26062029FDB298F54C881BFE77A7EF01310F24452DE90297791DB32ED81C7A4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006435DA
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006435E7
                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00643624
                                                                                                                                                                                                                            • Part of subcall function 00644E14: _Yarn.LIBCPMT ref: 00644E33
                                                                                                                                                                                                                            • Part of subcall function 00644E14: _Yarn.LIBCPMT ref: 00644E57
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                          • API String ID: 482894088-1405518554
                                                                                                                                                                                                                          • Opcode ID: c64562dfa1de6ce31b1cdad7924882d5e863d7dae2c423dc0755a1b1dbebcca5
                                                                                                                                                                                                                          • Instruction ID: 7ceb991f0f0e42c62406fffb9b27896361cc6cd00fa023b40a11912fe5b6421c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c64562dfa1de6ce31b1cdad7924882d5e863d7dae2c423dc0755a1b1dbebcca5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97019271501B549FC7219F6A848258BFFE2BF28350B80892FE58D87B02C771E604CBAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(006698A4,00000000,00000800,?,00649AB3,00000000,?,?,?,?,?,00649BDD,00000002,FlsGetValue,0065FC58,FlsGetValue), ref: 00649B0F
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00649AB3,00000000,?,?,?,?,?,00649BDD,00000002,FlsGetValue,0065FC58,FlsGetValue,00000000,?,00648A6B), ref: 00649B19
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(006698A4,00000000,00000000,?,006698A4,?,?,?,0064154C,?,0064154C,?), ref: 00649B41
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                          • Opcode ID: 6d9bdc90b9dd6a09380e212e4d5c95c0fb60699451dd432c255cc3db28b2b1c8
                                                                                                                                                                                                                          • Instruction ID: 482237ff0aa57de208fc72a2c96b7f367f18bcf98caa2912b22b62f48fe05794
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d9bdc90b9dd6a09380e212e4d5c95c0fb60699451dd432c255cc3db28b2b1c8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44E01A30280308BBEF105F60EC06B5B7E5AEB00B51F105430F90CE81E1D7A29A609AA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(73E09E45,00000000,00000000,00000000), ref: 00650F81
                                                                                                                                                                                                                            • Part of subcall function 0065634B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00653F16,?,00000000,-00000008), ref: 006563F7
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 006511DC
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00651224
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006512C7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2112829910-0
                                                                                                                                                                                                                          • Opcode ID: 362fe52b805991b30ee04ea5c6157398d60c6a66cc9dd7ba44c85f51be1d2b18
                                                                                                                                                                                                                          • Instruction ID: 702d2d0f8d0c225674cff3138568071776b59d0710367bab5ea706428b6da88e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 362fe52b805991b30ee04ea5c6157398d60c6a66cc9dd7ba44c85f51be1d2b18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AED19BB5D04248AFCF15CFA8C880AEDBBB6FF09315F18456AE915EB351D730A989CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0065634B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00653F16,?,00000000,-00000008), ref: 006563F7
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006567CB
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006567D2
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0065680C
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00656813
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1913693674-0
                                                                                                                                                                                                                          • Opcode ID: cc98128085f19572f2658a2a4ebe6c3fcedf8ba0a30cd965da13ed77ed094cf3
                                                                                                                                                                                                                          • Instruction ID: 77d93f3258e9abc653d20e2ee3e0fae7c679daf818dce937b979c3f8f7b2f576
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc98128085f19572f2658a2a4ebe6c3fcedf8ba0a30cd965da13ed77ed094cf3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22217471600205AFDB509F65CC8186ABBABEF04376B90852DFC1597351E771EC54CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1eb89fe45c7c98fada1862ab2f6204a53d44d1c747c8bc6ec19c75e1f318f458
                                                                                                                                                                                                                          • Instruction ID: f0b6408440691867a740b02d508cace5ab01a2416e588207c2e55367855d95ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1eb89fe45c7c98fada1862ab2f6204a53d44d1c747c8bc6ec19c75e1f318f458
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95218E31602205AFDBE0AF758CC09AB7BABAF403787108519F92597351EB71ED508FA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00657705
                                                                                                                                                                                                                            • Part of subcall function 0065634B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00653F16,?,00000000,-00000008), ref: 006563F7
                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0065773D
                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0065775D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 158306478-0
                                                                                                                                                                                                                          • Opcode ID: d4f4761e66455b8f2ccbd11effebc9630109ece4f11cb43ece7a9a0e0198bf2c
                                                                                                                                                                                                                          • Instruction ID: c57a3bfa6d5767a348a71c5eade535fc090c51c1e733725d6133cde7faf05da6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4f4761e66455b8f2ccbd11effebc9630109ece4f11cb43ece7a9a0e0198bf2c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E1108B190AA157E7B6527B1BCCECAF695FDD58397F100028FC01D2241EA61CE0581B5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,0065A928,00000000,00000001,00000000,00000000,?,0065131B,00000000,00000000,00000000), ref: 0065BE4C
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0065A928,00000000,00000001,00000000,00000000,?,0065131B,00000000,00000000,00000000,00000000,00000000,?,006518A2,00000000), ref: 0065BE58
                                                                                                                                                                                                                            • Part of subcall function 0065BE1E: CloseHandle.KERNEL32(FFFFFFFE,0065BE68,?,0065A928,00000000,00000001,00000000,00000000,?,0065131B,00000000,00000000,00000000,00000000,00000000), ref: 0065BE2E
                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 0065BE68
                                                                                                                                                                                                                            • Part of subcall function 0065BDE0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0065BE0F,0065A915,00000000,?,0065131B,00000000,00000000,00000000,00000000), ref: 0065BDF3
                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,0065A928,00000000,00000001,00000000,00000000,?,0065131B,00000000,00000000,00000000,00000000), ref: 0065BE7D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                          • Opcode ID: 90b818bdaafa4784e70d42488aaa6fc2c46f8beb7759b8e8ea34124ae4ca5889
                                                                                                                                                                                                                          • Instruction ID: 4315184182055adf6bf0146e51e59b0b5c37092df65cbe80fa0360be910cb061
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90b818bdaafa4784e70d42488aaa6fc2c46f8beb7759b8e8ea34124ae4ca5889
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5F01C36000618BBCF265FD6DC06AC93F67EF093B2F046014FE1985130DB3299A4DB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 0064C4CD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                          • Opcode ID: d0310df49572e6203375a0c98d1cf07fc43bbc3fd801257eb88850353567f38c
                                                                                                                                                                                                                          • Instruction ID: 070c6c66c793a83533606984f0a565b2e5addb138f7813a557618e65f65fbacf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0310df49572e6203375a0c98d1cf07fc43bbc3fd801257eb88850353567f38c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E51AF6090A10186CB557B18CF113FE6BE3DB40762F648918F8C6833E9EB758CA9DE46
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?), ref: 006490F0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                          • Opcode ID: 67ec4e4b38808d522bcac5129786c63a94fa3ecc54b3aef385f9e3f8ecdcd4f6
                                                                                                                                                                                                                          • Instruction ID: 3414664d7d8ce0ff69931881f07305624261a299659eb27adaf451f0d8fe42e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67ec4e4b38808d522bcac5129786c63a94fa3ecc54b3aef385f9e3f8ecdcd4f6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B41597190020AAFDF16DF98CD85EEEBBB6FF48304F148099F909A7261D3359A50DB61
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00644DB3
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00644E0B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                          • String ID: <>d
                                                                                                                                                                                                                          • API String ID: 593203224-3643440090
                                                                                                                                                                                                                          • Opcode ID: d385f1d6f94dbab07b2ee9fe524bb4974544874a3ae7c3b4c513f738be03dba2
                                                                                                                                                                                                                          • Instruction ID: 6505d2d14712e90b92c452e19866727dd112fd4ae887acfd903e8141132ceaff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d385f1d6f94dbab07b2ee9fe524bb4974544874a3ae7c3b4c513f738be03dba2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C015E35A00605AFCF15DF59C856E9D77BAEF85710F144099E8059B361DF70EE41CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,0064324F,?,00669868,0064154C,?,0064154C,?), ref: 00646B3C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                          • String ID: <>d$O2d
                                                                                                                                                                                                                          • API String ID: 3997070919-1398056108
                                                                                                                                                                                                                          • Opcode ID: ebec22bc52b23299dcf361818d843c962aecd2f4828b71582ded32fe2e7d0658
                                                                                                                                                                                                                          • Instruction ID: cb0f2238017b0d5490137f2df6fe160ad6ed5983697eaa3e8da8fed0d7d6c81a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebec22bc52b23299dcf361818d843c962aecd2f4828b71582ded32fe2e7d0658
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6018F75A00309ABCB059F58D884BDEBFF9FF49704F15405AE945AB390D770AE11CB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00650750
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                          • String ID: <>d$InitializeCriticalSectionEx
                                                                                                                                                                                                                          • API String ID: 2593887523-2259171051
                                                                                                                                                                                                                          • Opcode ID: 73cc4349c0cfadc8bff9f4709e76958d880d0f0afc58f04b7c64a8a9b4513063
                                                                                                                                                                                                                          • Instruction ID: 14661176e2cf66de1720813e65b67b5c069ddf76cd25e0f8e2adaecbe7abceaf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73cc4349c0cfadc8bff9f4709e76958d880d0f0afc58f04b7c64a8a9b4513063
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE09232580218B7CF211F60DC0AD8E3F17EB18BA3F054020FE0929260C6B289219BD4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1641404397.0000000000641000.00000020.00000001.01000000.00000003.sdmp, Offset: 00640000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641392714.0000000000640000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641420794.000000000065E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641440125.000000000066B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1641457340.0000000000686000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_640000_0OqTUkeaoD.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Alloc
                                                                                                                                                                                                                          • String ID: <>d$FlsAlloc
                                                                                                                                                                                                                          • API String ID: 2773662609-1524200525
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: XX^q$XX^q
                                                                                                                                                                                                                          • API String ID: 0-1102689228
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q
                                                                                                                                                                                                                          • API String ID: 0-538443824
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$[^\u0020-\u007F]Profilesmoz_cookies$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                          • API String ID: 0-81219223
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: A=$L=$W=$b=$x=$BH
                                                                                                                                                                                                                          • API String ID: 0-947043703
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • $^q, xrefs: 0683184F
                                                                                                                                                                                                                          • [^\u0020-\u007F]Profilesmoz_cookies, xrefs: 0683194C
                                                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 06831785
                                                                                                                                                                                                                          • $^q, xrefs: 068318C2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$[^\u0020-\u007F]Profilesmoz_cookies$$^q$$^q
                                                                                                                                                                                                                          • API String ID: 0-142524215
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q$4'^q$$^q
                                                                                                                                                                                                                          • API String ID: 0-953868773
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: [^\u0020-\u007F]Profilesmoz_cookies$$^q$$^q
                                                                                                                                                                                                                          • API String ID: 0-3622219575
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LjAp$PH^q
                                                                                                                                                                                                                          • API String ID: 0-4096082092
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q$4'^q
                                                                                                                                                                                                                          • API String ID: 0-2508332758
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Xbq$c^q
                                                                                                                                                                                                                          • API String ID: 0-724334004
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq$(bq
                                                                                                                                                                                                                          • API String ID: 0-4224401849
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: xbq$xbq
                                                                                                                                                                                                                          • API String ID: 0-4275011135
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq$(bq
                                                                                                                                                                                                                          • API String ID: 0-4224401849
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: N)X$$^q
                                                                                                                                                                                                                          • API String ID: 0-3524111332
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q$4'^q
                                                                                                                                                                                                                          • API String ID: 0-2697143702
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q$4'^q
                                                                                                                                                                                                                          • API String ID: 0-2697143702
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 552a3d727c8e2e16e1e1b899cf53525a612286c69b8398389ceab7a4ef88fc11
                                                                                                                                                                                                                          • Instruction ID: 5f49aab062a416c7069410b57515ade665a793423f5696e4b19d192f0e890ecb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 552a3d727c8e2e16e1e1b899cf53525a612286c69b8398389ceab7a4ef88fc11
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD234375902204DFCFA6AFA5CA28669BB32FB49345B20847BDD1267760CB7E9D41DF00
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8a8ddde56fbd2c58790e4c064472e38557b7dec98d411a7505f722a27e83b3c0
                                                                                                                                                                                                                          • Instruction ID: 4215d9ffdf0bb8693760fd63c4b046b1d6d91d931561a204ca8ca4bc257a2910
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a8ddde56fbd2c58790e4c064472e38557b7dec98d411a7505f722a27e83b3c0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E234375902204DFCFA6AFA5CA28669BB32FB49345B20847BDD1267760CB7E9D41DF00
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: a
                                                                                                                                                                                                                          • API String ID: 0-1398665782
                                                                                                                                                                                                                          • Opcode ID: fbc1f9bbb7b1cae1a372f0ce21b49af897465c6a06617127ef21d9b5ccdba8bc
                                                                                                                                                                                                                          • Instruction ID: f5120899dff6750d97f047217325aee155c9e781c1fd0d95558e9c50517eff4c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbc1f9bbb7b1cae1a372f0ce21b49af897465c6a06617127ef21d9b5ccdba8bc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3024934A00719CFCB55DF38C854A99BBB1FF89310F118698E849AB361EB34E985CF80
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q
                                                                                                                                                                                                                          • API String ID: 0-538443824
                                                                                                                                                                                                                          • Opcode ID: 4b772a13a60122be29e0da79c40bb966122db6f46f47dc3602d384488cf8cf2b
                                                                                                                                                                                                                          • Instruction ID: 7f07a88f9712396b40aa49bf82e683e95671cf86d178d66500e00afb720b3156
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b772a13a60122be29e0da79c40bb966122db6f46f47dc3602d384488cf8cf2b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95C16975A002089FCB54DF78D494AAE7BF2FF89310F158969E846AB350DB31ED45CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: a
                                                                                                                                                                                                                          • API String ID: 0-1398665782
                                                                                                                                                                                                                          • Opcode ID: 103ffa2fae5887bd0a5367098579377062dc1804eb2e2e2d43be65e1412804c4
                                                                                                                                                                                                                          • Instruction ID: 086d0bf736f0985de224ae379056c29b904cb773968854c0e12598ae242c0d51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 103ffa2fae5887bd0a5367098579377062dc1804eb2e2e2d43be65e1412804c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AC13B3191071ADFDB11DF78C854A99BBB1FF49314F118699E849AB261EB30EAC5CF80
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          • Opcode ID: 76e9ae81008bf13d446f535158503d7d85643d1e936cee0b2e2b5f618f2077bb
                                                                                                                                                                                                                          • Instruction ID: f56c8740d3923d91e7d3cfbb6bc35b256a3baa86f78b5f1db05bf816e42b3a24
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76e9ae81008bf13d446f535158503d7d85643d1e936cee0b2e2b5f618f2077bb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7916A31A013099FCB54DFA9D8986ADBBF6EB89300F148429D506EB3A5CB749C45CF60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          • Opcode ID: dc6035df57b872559239ee8d2aad5040a1f4a770b2a2af74e2c41ff07d143f09
                                                                                                                                                                                                                          • Instruction ID: e1d30d5657d81c32fe0a6ea8c4f6a53cc7686b965dfd9a1dd6f175b6a0c0bc44
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc6035df57b872559239ee8d2aad5040a1f4a770b2a2af74e2c41ff07d143f09
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B81A571B002099FDB14DF69D984AAEBBF6FF88310F158429E406AB361DB70AC45CF60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q
                                                                                                                                                                                                                          • API String ID: 0-538443824
                                                                                                                                                                                                                          • Opcode ID: 135c2f753d7d182df84778d401d4ad6736c4f7380c8f2fa3c6d09605d1331412
                                                                                                                                                                                                                          • Instruction ID: 451edaf93a28a940f191e067074f363540f79a3e8d650962ac9e8916971b0baa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 135c2f753d7d182df84778d401d4ad6736c4f7380c8f2fa3c6d09605d1331412
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4717CB1A002488FDB54EF78C5545EDBBF2FF89300F1985B9D805AB351EA35AD49CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q
                                                                                                                                                                                                                          • API String ID: 0-538443824
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Hbq
                                                                                                                                                                                                                          • API String ID: 0-1245868
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Hbq
                                                                                                                                                                                                                          • API String ID: 0-1245868
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: PH^q
                                                                                                                                                                                                                          • API String ID: 0-2549759414
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LR^q
                                                                                                                                                                                                                          • API String ID: 0-2625958711
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $^q
                                                                                                                                                                                                                          • API String ID: 0-388095546
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $^q
                                                                                                                                                                                                                          • API String ID: 0-388095546
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (_^q
                                                                                                                                                                                                                          • API String ID: 0-538443824
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (bq
                                                                                                                                                                                                                          • API String ID: 0-149360118
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: _
                                                                                                                                                                                                                          • API String ID: 0-701932520
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $^q
                                                                                                                                                                                                                          • API String ID: 0-388095546
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LR^q
                                                                                                                                                                                                                          • API String ID: 0-2625958711
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'^q
                                                                                                                                                                                                                          • API String ID: 0-1614139903
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: k9Y!0
                                                                                                                                                                                                                          • API String ID: 0-1825060378
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: k9Y!0
                                                                                                                                                                                                                          • API String ID: 0-1825060378
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 122fce04edcccb1cc4e61c4f007aff14207e47cf78abdc5f843f8158d1293f37
                                                                                                                                                                                                                          • Instruction ID: e856c62e3d361e2b009540c8b44ad03b30b08f35aca714f78ad6067d31c5310a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 122fce04edcccb1cc4e61c4f007aff14207e47cf78abdc5f843f8158d1293f37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9122C706002099FCB54EF74D48465DBBB2EF84301F14D969D5099F36ADB74ED8ACBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a35de90e8cae08cdf0f901fb5c39ecc2a32e3cff9f7697acb513b570d0fd7626
                                                                                                                                                                                                                          • Instruction ID: 359a78e586d2e611690a068e914bd337a79817f4663b2ad54a318c08f9e8ec55
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a35de90e8cae08cdf0f901fb5c39ecc2a32e3cff9f7697acb513b570d0fd7626
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67028B70A007499FDB65DF38C854B9ABBF1EF49300F158298E449AB352DB36E985CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 766dff9cb041eed1d59cb5a3eb932630023222ad06051a18bb414dabf086cc6b
                                                                                                                                                                                                                          • Instruction ID: 228aeded990a341b3128d89fbcf28a8e271ea2209272ae3f2dc375c8e2e539f1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 766dff9cb041eed1d59cb5a3eb932630023222ad06051a18bb414dabf086cc6b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05F15B74A002499FCB54DFA8D498AAEBBF2FF89310F154568E805AB3A1DB34EC45CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d6a2338ba80cdab6c6294d4db3c25468466a1a49a583f201d9752bcff4eda8e9
                                                                                                                                                                                                                          • Instruction ID: be297bf81bc421f6e81e6798ffddd9e7cdcbc12781e2a291245432f45fda06ad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6a2338ba80cdab6c6294d4db3c25468466a1a49a583f201d9752bcff4eda8e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9D19C30B002099FCF94DFB8D454AADBBF2AF89350F148569E806EB395DF749D019BA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4b40bfcb5ad6d2fb0b001dadd3b66a6fd995636ddee4a2c12c31e6f86c516dd2
                                                                                                                                                                                                                          • Instruction ID: b7dce3194b58ec1fb48676aadd6f5607a9dcc76a78bd7616e6f84b79d3b0bbac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b40bfcb5ad6d2fb0b001dadd3b66a6fd995636ddee4a2c12c31e6f86c516dd2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FD16B34B002089FCB54DF78D494A6EBBF6EF89300B148569E50ADB3A5DB75EC06DB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 01f7e4f59657b3a4bd3048c6e251a9e76845488e7926a0fa9cdd8d90bc910d43
                                                                                                                                                                                                                          • Instruction ID: 9ead43e480068fa9b6e624a123149ccaca7574530448a634721705c96f1bab52
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01f7e4f59657b3a4bd3048c6e251a9e76845488e7926a0fa9cdd8d90bc910d43
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9D182316002099FCB54DF64D5946AEBBF6FF88300F14C968E50A9B395DB74ED49CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a53fb049e6deec38410aaa63c196efce70539e8fd3122d0193f52ee986fd8c32
                                                                                                                                                                                                                          • Instruction ID: 7bf7845882810ca54f52c38f63bd65a8d13a89ffe757e2ae5c843f82d0016a9d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a53fb049e6deec38410aaa63c196efce70539e8fd3122d0193f52ee986fd8c32
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64D13D71A002099FCB14EF68D994AADFBB2FF84300F14D529D4059B395DB70ED86CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9e2c9615d9bb1a1344d0b620882829df0cfc3f0dac1af0cd2d799f53816483fe
                                                                                                                                                                                                                          • Instruction ID: fdecc6a89d25852d1ea8542c5f28764a7b9be2ea12dc59431fc4a3706b39b1e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e2c9615d9bb1a1344d0b620882829df0cfc3f0dac1af0cd2d799f53816483fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5C15C35B00219AFCB54CF79D9449AEBBF2BF88300F158529E805E7361EB34ED469B90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d1decd1d6a48c759f5240c4aa2078b282ef85b7b89995c4828a15cfd20f3c73f
                                                                                                                                                                                                                          • Instruction ID: f30ab7cd24c6d3fa6398ba9556b535d0c083e430b6df8db31e04ed89b29dc36e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1decd1d6a48c759f5240c4aa2078b282ef85b7b89995c4828a15cfd20f3c73f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31A1E335A01208DFCB44DF68D898A99BBF2FF89320F164599E9059B362DB31EC81CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ddba13d415a5b8f30bc2185ceba7e4dc8dcf8e5f40c76b60db1e2f21c4fc8997
                                                                                                                                                                                                                          • Instruction ID: ce397c9f390e54c064dc0b295043cc45ac44996bdf1158f4449c9b830154e426
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddba13d415a5b8f30bc2185ceba7e4dc8dcf8e5f40c76b60db1e2f21c4fc8997
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E916C74A003489FCB54DF64D99896DBBF2FF89301B108969E85A9B392DB71EC41CF60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 41e88e1a5d3277fb69d4cb33724b1c7eb0156614c0ee90324eab56d9757e0313
                                                                                                                                                                                                                          • Instruction ID: d973f657f22247fd4cf0d3e51cd7b43c7ed5a0acc67f69e2abe06528a8ba4d95
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41e88e1a5d3277fb69d4cb33724b1c7eb0156614c0ee90324eab56d9757e0313
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9910935A102098FCB04DF68D898AAEBBF6FF89300F148569E546DB361DB71AD45CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dcf5d18d2470d74324b964366461cab5198ff4d1e7def50dfe49c63c6cc7ddf9
                                                                                                                                                                                                                          • Instruction ID: dc2e0c6d0815b979f5228c2efd9ba13086a10ed56742da7de2c8ee06f4aa8078
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcf5d18d2470d74324b964366461cab5198ff4d1e7def50dfe49c63c6cc7ddf9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7071C631A11309AFCB44EB78D844BEEBBB5FF85300F10862DE545A7352EB74A945CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 46a5ea52ea1366ffa0eb563f56da1b4aec31f9eacec4e2d139b6c0f5cafb9e99
                                                                                                                                                                                                                          • Instruction ID: 5c4d4574883043ec68f019784498393e05491f65f019241502ccd56fef9dcdf0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46a5ea52ea1366ffa0eb563f56da1b4aec31f9eacec4e2d139b6c0f5cafb9e99
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A519F35B006058FCB94AF7DD45466EBBEAEBC9354B14857DE90ACB385EE34DC018BA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 830e2d72ad9f99f71537295d12d6aba771725ea772a4209e0b5a3086d0d568ca
                                                                                                                                                                                                                          • Instruction ID: 776d1f99f6bde8b5d584fe1915af0016c0a122b0fc4b8afd0f9cd5aa65d70b2b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 830e2d72ad9f99f71537295d12d6aba771725ea772a4209e0b5a3086d0d568ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F512873B092148FD769DB2DE4907A9B7D9EFA9320715417AD809CB354CB32EC42CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 84a12795ef51061308940d89b41e5877e0704cbcc5df28f923fc4185e008dde0
                                                                                                                                                                                                                          • Instruction ID: d360b0f6353155ec7539045a662c6a6141a76a2ebb9dd2a500cd0052086e56bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84a12795ef51061308940d89b41e5877e0704cbcc5df28f923fc4185e008dde0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52713A74B002498FCB58DF29D4949AEBFF2FF89350B1585A9E41ADB361C730E846DB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3aa0c73820f7f21028537a3b09bf2b14aaa5201b4a1e9bc6bef9986c8f1d6b9f
                                                                                                                                                                                                                          • Instruction ID: ef87817d9fee758bfa879d2d8947160d8ad649dfd500319a84b2b732db6e657f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3aa0c73820f7f21028537a3b09bf2b14aaa5201b4a1e9bc6bef9986c8f1d6b9f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52815C34604288CFEB94DF68D088FA9BBF1FB88325F294159D405E7395CB799884DFA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c7796efb8c8c0a7d45e6056af0caabe743d2a92c8c686d468366be4092d7d96
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F671F634B002198FDF44DF69C884AAEBBF6BF89314F158069E90597361DB35DC42DB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 694c03b6ff8a4a89794b6e4ff86be4a90b343a7b5fd2c848a343b3ab378a3e2e
                                                                                                                                                                                                                          • Instruction ID: a13f8b604912772816e453aff82cf84072d559e054a171e968f4fb2eecf832a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 694c03b6ff8a4a89794b6e4ff86be4a90b343a7b5fd2c848a343b3ab378a3e2e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5961E434B002198FDF44DFA9D888AAEBBF6BF88314F158069E90597361DB35DC42DB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 748c0e4bf46409c829faabd4a09ead3b8efa5369188d3478bc7e3613540da500
                                                                                                                                                                                                                          • Instruction ID: 0f5f7eff7e693497b6ed3defa89b9b7a7bfd6791819ad17ea3a2c3fe1b8df17b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 748c0e4bf46409c829faabd4a09ead3b8efa5369188d3478bc7e3613540da500
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09711774A00209EFCB55CF68E988A9EBBB2FF45311F054568E805AB3A1DB34EC85CF51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8378d06b391790604d43614209b448e574229b0a64da271845f6a0d39e07d367
                                                                                                                                                                                                                          • Instruction ID: cdaf35f156bc24fd4006bdc3f0174ea812b4e649cd40c6476b1c1293fc903fc8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8378d06b391790604d43614209b448e574229b0a64da271845f6a0d39e07d367
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2361A071A002099FCB14EF78D9846AEBBF2FF85300F048569D5499B3A5DB74ED45CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4ca9cc4fe4348ee39e508372d7be3e50aac7a3eacaaa8e17fa42845e78000228
                                                                                                                                                                                                                          • Instruction ID: 7502b2a8d7ca8d710c334335e9028e68f97b9cad3a8820f8d0f4fddd7194b1e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ca9cc4fe4348ee39e508372d7be3e50aac7a3eacaaa8e17fa42845e78000228
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9714B31E10B0A9FCB51EF69C550599BBF5FF89310F11875AE449BB260EB70EA85CB80
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c5b89f73119ae75360d182e1f5720130ef021af10c34354d1a349043d1394807
                                                                                                                                                                                                                          • Instruction ID: 869362a9c3d42443b631c29f19f4b0911c5f1c58418ac3f8ccf9cee5fb70ba22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5b89f73119ae75360d182e1f5720130ef021af10c34354d1a349043d1394807
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3551E230A003199FCBA5EF78E4146EEBBF1FF85354B1085A9D419D7385EB349D068B91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: edf30e0576b0fb29f7797fcc3e456784841ad969e9196ee5a1a347d581fe7a69
                                                                                                                                                                                                                          • Instruction ID: e6484fda5ac0a95a36f49794e9ede08dd71c777c1f08f7849f2274032e4e5949
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edf30e0576b0fb29f7797fcc3e456784841ad969e9196ee5a1a347d581fe7a69
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42612D316002099FCB54DF64D980A6AFBF6FF84300F04CA69E5199B756DB74ED89CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2daca2752bb23b39e912444105f565c1739b253a984ffee80dcaf4f032506629
                                                                                                                                                                                                                          • Instruction ID: de11384eb71072f0182701a22d35c59158c9cfa16f3cff328047615e45c6e3f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2daca2752bb23b39e912444105f565c1739b253a984ffee80dcaf4f032506629
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7519E35B006098FDB54DF78C85496ABBEAEFC93507148029E91ADB355DF31EC06CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ab993c88ea9891638acc2fecfcb88f322aff7ad537382eb19971aa834d67cf1d
                                                                                                                                                                                                                          • Instruction ID: 6109b7462db2d7adad9cdd3f504427480aa2d1c28f2914435a2352ee74b95ec6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab993c88ea9891638acc2fecfcb88f322aff7ad537382eb19971aa834d67cf1d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7931B1717043425FD7599A38941932EBFE6ABC6350F19C6BED04DCB382DE748C4287A1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 13b9c6f6152b602b8564709d646e68cbeee982067c7b28389c63d20c7c2f4569
                                                                                                                                                                                                                          • Instruction ID: 16a18836e341f2a5721e3151a1a13910c0c605a6a0f5473c5dae3993f4999b08
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b9c6f6152b602b8564709d646e68cbeee982067c7b28389c63d20c7c2f4569
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E41CF30E003199FDB98EFB8D8156EDBBF1EF85750F104169E901AB381DB789E009BA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6d7258da56b9d5a561e37eb4ba5eab0fbbca10394ea91dafbf84a2ee4b673ed4
                                                                                                                                                                                                                          • Instruction ID: 3267d06ee1a6ec35a664848b44c157abcae552b49e606d50485c1a54dd9952e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d7258da56b9d5a561e37eb4ba5eab0fbbca10394ea91dafbf84a2ee4b673ed4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4415E35A002099FCB44DFB8D849AAEBBF6FF88300F148569E405E7365DB39AC51CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9bdf4e011f9b7f02cc72681c27639b832274df40cc72556eaacf9b9cce9e4d98
                                                                                                                                                                                                                          • Instruction ID: 7a46ac52766b4f8ca86513099cf0540870ee1191b12c8440b8d0dfa0b285ac55
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bdf4e011f9b7f02cc72681c27639b832274df40cc72556eaacf9b9cce9e4d98
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1419D71A1070D9FCB14EFA8C954AEEBBB6FF89300F008529E505AB250EB70A945CF91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ef577c0a5f4ceb161ca2cfa1a731d43445973aed76a88b35db9ad49b2b6605b5
                                                                                                                                                                                                                          • Instruction ID: 51445aeeaa103cc3522112847d798a62d8a33caa2c55e1bfbf69465beb982497
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef577c0a5f4ceb161ca2cfa1a731d43445973aed76a88b35db9ad49b2b6605b5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6419831B003188FCB58DFB8C5585AEBBF2EF88364B148179D806E7351DA399C418BA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 962141abbea577fa7572dbbc0719a57ae44b56c2630a1e35ddd21603184e7058
                                                                                                                                                                                                                          • Instruction ID: 5126cfe1d8b56fd7dd2a9b5370e110fcc72e90f2c104556cd946f479c543ee99
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 962141abbea577fa7572dbbc0719a57ae44b56c2630a1e35ddd21603184e7058
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E31D2727546089FCB98DB38D458B2D37EAEBC9710B1448A9E406CB3A2EE35DD428B51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 22663373448274e864aec941a52e703bc30345e69316376b2fb594b61b93b9e2
                                                                                                                                                                                                                          • Instruction ID: 28616f1c4203dddd9de8dc21d24b11f13456dc142ff3c40026af6443d19707a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22663373448274e864aec941a52e703bc30345e69316376b2fb594b61b93b9e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06416C74A002099FCB14EF78D884A6EBBF2FF88300F148568E90697395DB74ED41CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2d3e29ef07cdc224b3ba9d03006982e47ba4eb8d7ae4d7edee473b80e5e9adcd
                                                                                                                                                                                                                          • Instruction ID: 2b9a338a4b7baddbf2d931c26c54dff744242f46eb977ba10e928a3c6436faec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d3e29ef07cdc224b3ba9d03006982e47ba4eb8d7ae4d7edee473b80e5e9adcd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D84183307003099FCB15DF28EA94AAEBBE2FF84310F444568E4459B3A6DB34ED45DBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dfcaea370eafb07a4d9dc9df6f98eddf66f02347d6f93bc51f6e239c55b2c9fd
                                                                                                                                                                                                                          • Instruction ID: 270f9651e4d6221ba01797f61f4346a8fe05c94af1097cd07500ceb97e0268e6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfcaea370eafb07a4d9dc9df6f98eddf66f02347d6f93bc51f6e239c55b2c9fd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1741B170300359AFCB05DF28D59486ABBB2FF8530071482A9D8498F35ADB38ED55CBA2
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5182425c72072ad9f15b9ca38bf1b1586ee8a1f4f191a96cbd8515648ecba90b
                                                                                                                                                                                                                          • Instruction ID: b73b9270b1c377a1153b3745bbe3b79c7e6f83c04dcd081f6be983a646bdfdb5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5182425c72072ad9f15b9ca38bf1b1586ee8a1f4f191a96cbd8515648ecba90b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C41E474A002089FC714CF69D584A9EBBF2FF89314F2584A8E805AB365DB71EC81CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 727a21bb55a7e0982ce8b7b7579abb01a5589778bbf8e18a4eb071dddce181c8
                                                                                                                                                                                                                          • Instruction ID: 1a8909df2fe1dbea76733ce5d568bd8810d5a4b70e934246ca3ccd0fb3140778
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 727a21bb55a7e0982ce8b7b7579abb01a5589778bbf8e18a4eb071dddce181c8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17310435F00218BFC719DB68E8444ADFBB3EFC9360B088665D806AB354DB759D019BD5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 66f3f44005856c58111b1ed563c7ab6324247c1d05b787b08ad276d1b537fce9
                                                                                                                                                                                                                          • Instruction ID: ace03d93cc3bff56365f2764d752d8e8de41bd548ffb06eb1d5b695951522e27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66f3f44005856c58111b1ed563c7ab6324247c1d05b787b08ad276d1b537fce9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4319CB1A102188FDB14DF68C9546EDBBF2BF49300F198978D805BB250EB71AD49CFA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1a0b49bbbb64939ad840af5bbb90e38a6ebb25f9c1efa725bbb6072833dfae9b
                                                                                                                                                                                                                          • Instruction ID: e51f8a06ff6ab2358a75a0cd97fbd1c1456d3bde5f519307b7dd047a08626524
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a0b49bbbb64939ad840af5bbb90e38a6ebb25f9c1efa725bbb6072833dfae9b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3931CB343003098FC715CB38D494A6ABBEAEFC9350719896DE946CB365DB70EC42DB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a1efc425947f5ab78419aaff7d4fad5142c51768bc91bbedb1ae68ee529c3c86
                                                                                                                                                                                                                          • Instruction ID: 8ce52d871ef1331870ecb793b9b660f5ba9028aec819ffa02058ad046bbf8e9c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1efc425947f5ab78419aaff7d4fad5142c51768bc91bbedb1ae68ee529c3c86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE314A71A102089FCB14DF69D884AEEBBF5EF88350F14846AE406E7361D7719C40DB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ddc7be87240a336bd8da07ed1bb9aa9fa45e8f04cd2f8b9f085f1a925764a344
                                                                                                                                                                                                                          • Instruction ID: 3e088208207467e544f321a7080fc3e91feaa614d3556bd07430ceac78254b31
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddc7be87240a336bd8da07ed1bb9aa9fa45e8f04cd2f8b9f085f1a925764a344
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5231A330B006158BEB55EF79D95476EBBE2EF84700B148129D94AD73A4EF34C842CBE5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fcc0eaa85258d9ee5878cfc2f5887b4c04956096b0853d305322737ec7cabc14
                                                                                                                                                                                                                          • Instruction ID: 8ba261d828b92f666cd7b11520b159bbb6fec5a35b9b24c553eeea1abff3d19a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcc0eaa85258d9ee5878cfc2f5887b4c04956096b0853d305322737ec7cabc14
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8313E30A1060DDFDB04EFB4D854A9DBBB2FF89304F558169E406AB361EF71A946CB80
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e583508150618bae3c7e838f6615e058a33e1531dd7c7e58e1222a7285b2c7a4
                                                                                                                                                                                                                          • Instruction ID: 505f714d97f0979f02422442dd349789e8f57820ddeae7551912b9808a0f435e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e583508150618bae3c7e838f6615e058a33e1531dd7c7e58e1222a7285b2c7a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB3149703043818FC755EF7CE4A0A99BBE2EF8A21471545AAE185CF366EA35EC05CB94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e9e40734e784f40a303296e98e06882f1d8deef6d9e59b8850d3a6d244ee9cf6
                                                                                                                                                                                                                          • Instruction ID: 5cc74fd4e191946227e9c9fa2c21da3841e7aaa80d06593f5459ac32def4f471
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9e40734e784f40a303296e98e06882f1d8deef6d9e59b8850d3a6d244ee9cf6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95318B31D00B0A8ADB10AFB9D8106D9B771FF99320F24872AE059B7241EB70B5D5CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cefe5987b3b0c304e08ff78c1c54d5bd45f10ccaff9bb3d08dae9702a944413b
                                                                                                                                                                                                                          • Instruction ID: 01e08eaa4df5bc25dc3bddc0c4d6b1f5ea4349d807e8fccfe55de2eaa34c2ca1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cefe5987b3b0c304e08ff78c1c54d5bd45f10ccaff9bb3d08dae9702a944413b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1313E74B0061A8FCB14DF68D980A6EB7F2FF88314B258565E844AB325D771FD41CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 07d6525528acda17a16487b9437985ff5df719d5c159ee662f1be6e5c9bd8659
                                                                                                                                                                                                                          • Instruction ID: 27678ff1a7bbbf63c3a8fb6d94ee559a3b8f65d21ded90d9ca8b1cc5a3d0422e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07d6525528acda17a16487b9437985ff5df719d5c159ee662f1be6e5c9bd8659
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA3169343007099FC754DB39D894A6AB7EAEBC8351B19893DA946CB364DF70EC42DB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4609c80c58e23fc7736fcbada17b1cab8383e673e41287c4d338cfd1c05d4e71
                                                                                                                                                                                                                          • Instruction ID: f46eb78f7abaf8ea9961fb8725015f305bb312c3acff4debec58927b57a0f13b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4609c80c58e23fc7736fcbada17b1cab8383e673e41287c4d338cfd1c05d4e71
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51311C34B00618CFDB54DF68C598AAE7BB6EB8D704F1405ACE506E73A1EBB59C41CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f0310e2caae67c6952a947c42bce6aae18c33f7f5cc64e7eb571a3fc889dc34c
                                                                                                                                                                                                                          • Instruction ID: 71aff6d788fa40b88ef1289602ccc53f19841466640042c58d4e5f62667877a1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0310e2caae67c6952a947c42bce6aae18c33f7f5cc64e7eb571a3fc889dc34c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9731A074A003059FCB04DF78D884A6EBBB2FF89300B148568E9169B396DB74ED41CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1b2c4892111a519af3bdebcce0c47c9e9c7a1a395e82fee4883838337b5c532d
                                                                                                                                                                                                                          • Instruction ID: ec07bcb32ab28dbda9ae542d809ae91d3e3429537c82d4a184e1a2b3d2acf4e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b2c4892111a519af3bdebcce0c47c9e9c7a1a395e82fee4883838337b5c532d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A414A35900209EFCB45DFE8E9499DCBFB2FB48318F05815AEA01A7362DB395955DF20
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b66a66fb7038ed3ab14b25d263cf9b7ea035f295432478ca4e75ed8db7af5931
                                                                                                                                                                                                                          • Instruction ID: 51b0cc2b145ca9707be3060331c6d6fbd35f3dca02ea4bce972880a3922597a1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b66a66fb7038ed3ab14b25d263cf9b7ea035f295432478ca4e75ed8db7af5931
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C212475104244EFDB05AF14D9C0B26BFA6FB88314F24C269E94A0A2D5C336D816CB71
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 709cbe8fbf6f1e70a53e0f7d90bad88361f1aef7e9380c36b9caeab71542b916
                                                                                                                                                                                                                          • Instruction ID: 9cf5b3809f993b32180a52084c83736c425bcb3d1b2e4da645d7a72fd12dda77
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 709cbe8fbf6f1e70a53e0f7d90bad88361f1aef7e9380c36b9caeab71542b916
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A314A746002099FCB04DF69D9848DDBBB6FF89314B208199E9099B365DB36ED06CFE1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6d31286b66848e6a625aa6a944c63f1d230286d48dce8486c332858fb1da57a0
                                                                                                                                                                                                                          • Instruction ID: 2f01a19265031b0921ea64da8be0bd329bd1bbb5cc2e0f40416feddab7060f8c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d31286b66848e6a625aa6a944c63f1d230286d48dce8486c332858fb1da57a0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E210478B104158FC704CF69D5988AABBF5FF8A61472540A9E506EB332CB31EC06CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a96cc5b926a02acbc71573002391f2517ee43371c05bd948cb8584e011793d7d
                                                                                                                                                                                                                          • Instruction ID: 140d12382c880c1912c622b53488831cf498516eea7866e193c61efebc468623
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a96cc5b926a02acbc71573002391f2517ee43371c05bd948cb8584e011793d7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 832190302042046FC705FF78D851AAEB7A7EFC1250B408928D0568F365DF74AD4A8BA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a7dc5e2b194c4928adfd84168b98228a7d18fd5a40e5d5fd4006e0c632d8cee8
                                                                                                                                                                                                                          • Instruction ID: 3f29767d6970cc0b78a9c65dec416385036f1c1580d8423cb4a523b73548c08e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7dc5e2b194c4928adfd84168b98228a7d18fd5a40e5d5fd4006e0c632d8cee8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2721FF71540200EFCB05EF14D9C4B26BFA6FB98324F24C569E9090A2D6C336D856CBB1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 02d0e5a910841c5698450a9821b9ad89169e6dbad29ba6910ebb9d28d8b665ea
                                                                                                                                                                                                                          • Instruction ID: 219270670b9468abcc7df7a22c46cf589e96af2e691d95b0025aa5cb060e4748
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02d0e5a910841c5698450a9821b9ad89169e6dbad29ba6910ebb9d28d8b665ea
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4321C2316046449FC321CF29C944987BFF2EF8A31071489AEE48ACB672D631E84ACB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 28194322a8f7b903225c3a6d49c5942c1835aa82fa68c6f7238c9797f6394f8a
                                                                                                                                                                                                                          • Instruction ID: 1d38077e72b3f38cbacc2ebf4e2eb354f3de3dde73e87a9604a742542467684f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28194322a8f7b903225c3a6d49c5942c1835aa82fa68c6f7238c9797f6394f8a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11311C35900205EFCB82AFA8E946DAD7FB2FB48311F158118E60457362D73A5965DF60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e2e6a857549d95d484f97b4a8ca0b1f4091b04bdc6f7a5f4e2695e6e69c5df6d
                                                                                                                                                                                                                          • Instruction ID: f55986c9dae3ac1807f927de70df7c662e4f0c0ad9bf66a34e0f1efc46e54a23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2e6a857549d95d484f97b4a8ca0b1f4091b04bdc6f7a5f4e2695e6e69c5df6d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66215C7764420CAFDB515A68ED606D93F65BF41330F14CA23FA24CA2E0D731E468CB51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f966d8d57e47ca0d672e008440976bf14e744633eed4e64dfdfa87409bf7f867
                                                                                                                                                                                                                          • Instruction ID: ec9427aba9d1fcb1ab15104147e0ec305d0f387208a0167ee849d3fe064529e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f966d8d57e47ca0d672e008440976bf14e744633eed4e64dfdfa87409bf7f867
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8521057B31064E87DB645A76971563B33DE9FC1987B14C02E9042C76A4CF73C801CBA2
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7f6a7838c528cb5f773593b58eb36012d46fc7b3f9acd09a3cbf64aa6d3604d8
                                                                                                                                                                                                                          • Instruction ID: 46c201cd137ca7515c15930fa1075a4e86c472e81be8bc57f9f4cc025add5316
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f6a7838c528cb5f773593b58eb36012d46fc7b3f9acd09a3cbf64aa6d3604d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB21AEB6304358CFC714DF25D89496ABBEAFF89211B058429E956CB3A1CB75EC04CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d6d8864b20e98c4d31cb5aaeedc0b7390d0f62b30b5804adb95b43fff46c66dc
                                                                                                                                                                                                                          • Instruction ID: 01aeadfee5e9f06617b3f80b49cb7c195264dafa574d8749502dfa80c613c4aa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6d8864b20e98c4d31cb5aaeedc0b7390d0f62b30b5804adb95b43fff46c66dc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C215C757001189FCB44DF29E988DAABBEAFF897507158169F409CB362CB31EC058B60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d66d4c2dff3404ec593597c031fdfbad5478e793d7b707f095adc4b7a4263cd5
                                                                                                                                                                                                                          • Instruction ID: 8b3eba8705766c44c856498edce4560263a91ffad0f7d71ceb987d6b0085babd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d66d4c2dff3404ec593597c031fdfbad5478e793d7b707f095adc4b7a4263cd5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 912181727017089FC720CF6ED9808ABBBF6FF882147158729E88AC7615D730E8158B90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 641dfc252b59afd65829d96c61f8fecd0682fb7aab41088484f3e156939f995f
                                                                                                                                                                                                                          • Instruction ID: 41f74cf6ba324bfd6357852a7e27aee05f87610db1c94285b94b3fcabe36f804
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 641dfc252b59afd65829d96c61f8fecd0682fb7aab41088484f3e156939f995f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89216DB47102089FCB54DF68C8D09AABBF5FF8960572485B9E945DB315E732EC06CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e1ce4a893133c14dbf5d20fd3b289ea06663a4d36cd1001a54030fa83cba0a04
                                                                                                                                                                                                                          • Instruction ID: 72010ec730ecf555fe7e09f5f4f167dbfc04ba09c3fb6f7bd2f4f73e8bb52006
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1ce4a893133c14dbf5d20fd3b289ea06663a4d36cd1001a54030fa83cba0a04
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6421D170B001056FC744EB7CD851ABEBBE6EFC5250F018129E6099B395DF389E0687B1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b1d8caeb79f839dbb0528a6d44a2b26ef5787c3e011624677f1b2ca91c78a403
                                                                                                                                                                                                                          • Instruction ID: 35b7c86336cb246ddbce16e7b457cd349c64ead656aef2fcd2f5c2c2e9a7ed46
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1d8caeb79f839dbb0528a6d44a2b26ef5787c3e011624677f1b2ca91c78a403
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E21A575301654AFD725DF29D498D7BBBEAEF89311B10802DFA4687361CA36EC41CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 258ebdae354e31c35dae4a564773cb70ab775466b310bd13906c9438be643e10
                                                                                                                                                                                                                          • Instruction ID: ec4b8d0ea6cca28fd2bb2504a4c9af19c1e11fd8726e00a3fe6265295c88a782
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 258ebdae354e31c35dae4a564773cb70ab775466b310bd13906c9438be643e10
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD213A729093989FDB119F78DC492AA3FA0EF57300B0D41DBD0C4CB252E664C646D791
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e54f8133dbfc8a0f9225abd6ca8315b6c4e0a11addf043f93a1bacfab2fea6e3
                                                                                                                                                                                                                          • Instruction ID: 9f49bdcba812ce73f223075ac5d3ee87c9d06947aa13e0a98c18f00de90dfb1c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e54f8133dbfc8a0f9225abd6ca8315b6c4e0a11addf043f93a1bacfab2fea6e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 902167717107098FC728AF39E49862A77E6FF88211B048939E44AC7751EF34EC128B50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dbaa6a4dce50f22e26e595fd8a203bc9ddd6ee44f2240bbacb9a4c8e948e5673
                                                                                                                                                                                                                          • Instruction ID: 11e1e16cd84a1ca343b65254348fc6f21e2e3e142e9fbed7cc700a5e99ba953a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbaa6a4dce50f22e26e595fd8a203bc9ddd6ee44f2240bbacb9a4c8e948e5673
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A11AC70B001056FCB44FBBCD851A6EFBA6EFC4640F008028E6099B394DF39AE0687B5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5ce5123d6b22448369cacb48ce505d229bab9353fe6a4a696da9c479c85f7517
                                                                                                                                                                                                                          • Instruction ID: 325b096fe88f00fced1b6ec8ccdb8d5338fb78110eaa55ba614224c90e7401e4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ce5123d6b22448369cacb48ce505d229bab9353fe6a4a696da9c479c85f7517
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99210374A04209DFCB14DFA9E9546ADFBB2FF88301F248429E41AA7254DB75AD42CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bdcd6fe9f7e06b58e1dd3ceb72d16efe574c202ab2b1aa13a4d646e4e7216a5f
                                                                                                                                                                                                                          • Instruction ID: 6ab9fd9b2b4ce2f4f1c46cb4fb4dad93c8ef20d688ebe67223437d6b3fbf3a65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bdcd6fe9f7e06b58e1dd3ceb72d16efe574c202ab2b1aa13a4d646e4e7216a5f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 092139B4E102599FCB14CFA8C980AEDBBF5BF89300F14806AD405EB359DB71A945CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 47c12c48959e9137d9776a1503a09f6106b3931359667bb768880aea84fb916c
                                                                                                                                                                                                                          • Instruction ID: 913d85ebda8085a4a0499d608c5e20b90a38822abc6bb7ce9c4a00c891b6ae34
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47c12c48959e9137d9776a1503a09f6106b3931359667bb768880aea84fb916c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC1190317102094F9B54DF6DC98096FFBF9EF85250715806AE819EB3A9DB30ED058BA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a9eafd67a07b9d434d3f8365db75ebf7cb3ecc5d6e14699a9ef32100c149af7d
                                                                                                                                                                                                                          • Instruction ID: f744af34890bbe66455ef1192c3e1cf3d925339592b3a64ebd49148f8803bba7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9eafd67a07b9d434d3f8365db75ebf7cb3ecc5d6e14699a9ef32100c149af7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA21AEB1A043499FCB01DFB8C8448EFBFB9FF4A310B10416AE559E7252D7355916CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 301ae8fd74d6a93d2e8b222be7d1f2c74fd93856630b5c53c24b2d34be6d397d
                                                                                                                                                                                                                          • Instruction ID: 6e1f24f1c3f2fe28ad21fa8c9abef291d715af0e568256dc87a98a6c0e22c47e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 301ae8fd74d6a93d2e8b222be7d1f2c74fd93856630b5c53c24b2d34be6d397d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0921813020074A9FCB02DF28D94499EBFA2FF853147048669E449CB375DB70ED9ACB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7597b054bf23033b3d77bcde79909c6847700558c404c47c41ce940a7d994361
                                                                                                                                                                                                                          • Instruction ID: 3612a05bb22a19f4567a9fa19b0ea6448c8f8cffc8d5a0a634b5bf3db20b0cb1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7597b054bf23033b3d77bcde79909c6847700558c404c47c41ce940a7d994361
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E22115B4E002599FCB14CFE9C984A9DBBF5BF89300F14806AE805EB359DB71A945CB51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e4bcfd51ccfa848f48b029bbc8c96def4837efadcce4a1c1de1828ff6ee3abb4
                                                                                                                                                                                                                          • Instruction ID: 05d47f3b690c41cbf68bde7beb87dbfa3e52366b51425f407789fc78dff143e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4bcfd51ccfa848f48b029bbc8c96def4837efadcce4a1c1de1828ff6ee3abb4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A811A375B002046BCB09BBBDD850A7EBBE7EBC9250B10802DF90AD7385DE359D1187A1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                                                                                          • Instruction ID: 666946ad1bc292c73275698172bb06cb41234744ceb014d6660a6673a49d4bb1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F219076504280DFDB06DF10D9C4B16BF72FB98314F28C6A9D9490B296C33AD826CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9932d3b33e64531a77cfb976466bcd1ceb5dd5705b099ec52dfb44901fe81d14
                                                                                                                                                                                                                          • Instruction ID: d097488ff8417ad49e2cf6e9cfcd792de7e765b9d0ca8fe69267792bb4d40c56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9932d3b33e64531a77cfb976466bcd1ceb5dd5705b099ec52dfb44901fe81d14
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51115E32A1061D8FCF05EF78D8948DDB7B5FF89315B00466AE405B7224EF70A959CB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 05d20f6857e8475558a74178fcf26c782614ccfb720d9582aacdc6ea8f29d48a
                                                                                                                                                                                                                          • Instruction ID: 27ff8d0efb7487f89ba4a303aa01c5504b99c6b5bf51d946066244c721e71f54
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05d20f6857e8475558a74178fcf26c782614ccfb720d9582aacdc6ea8f29d48a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE119171700609DFCB20AF64ED9996EBBB6FF88301F008539E60297360DB70A845CFA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e181888b6f99ad4ef7e967838386d78a275c3991576883b9f21a403242bb308a
                                                                                                                                                                                                                          • Instruction ID: 1dde6077b9facfaebab20db215a3a239172aa7e9e3750ac9bdb3b233090960c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e181888b6f99ad4ef7e967838386d78a275c3991576883b9f21a403242bb308a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE1108717456489FC714DF29D89489EBFAAFF8629131580AAF545CB325EB30DC01CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                          • Instruction ID: f7ade7127d75e4436e150e79f92c729c5616d261d103ecaa32849600856bf072
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE11B176544240CFCB06DF10D9C4B16BF72FB98324F28C6A9DC090B296C336D85ACBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 80af578bcf8594a62c24cddbc4e24e9e2090ec00c8cb006a0991348e9095a70e
                                                                                                                                                                                                                          • Instruction ID: bbac030b914f224986a88953474167a22144110b3279bae359d69d9d382fbaad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80af578bcf8594a62c24cddbc4e24e9e2090ec00c8cb006a0991348e9095a70e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17110631A002099FCB14DF20D8948AEBBF6FF84350B14C569D8069B351C770ED45DFA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ced37b3c77889ef3cbdb5fc1e347fb5a70bb1013d734fbc6571a7b9ff4bab151
                                                                                                                                                                                                                          • Instruction ID: 087dc4355998038f2ca6247e0c2c6fc24a0391b0cb3aff693c1ca7471e81f36f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ced37b3c77889ef3cbdb5fc1e347fb5a70bb1013d734fbc6571a7b9ff4bab151
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47115E35A00208CFDB44EFB8D994BADBBB6EF88700F118159E519AB3A1DF709981CF51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c15dc5f5b2c42a74b8f3a62ece61231092d6aee1ec93b22236f6990e0310c5b4
                                                                                                                                                                                                                          • Instruction ID: 958fc34d0a16afcb5eb5ec75dd92b9565ffde8620cc051161f5f5fd3bcac3205
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c15dc5f5b2c42a74b8f3a62ece61231092d6aee1ec93b22236f6990e0310c5b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0113AB1E0021D9FCB10DFA9D8489EFBBB9FF89210B10412AE509E3301D735A946CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7bfb1d6e6469429349793ae1a8a1ff390067e374bc058f73464eb466a6866b7e
                                                                                                                                                                                                                          • Instruction ID: 214f35cb5c8c584202dec99cbf13e38b7a4f1133bd60d8a3f39d3cad2f0d09df
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bfb1d6e6469429349793ae1a8a1ff390067e374bc058f73464eb466a6866b7e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C701B8302006458FC751CB2CD688D9ABBF1EF88300B1681AEE405CB736DAB0ED4ACB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0297c584552c32f9935c013bb0cf78d3e61a2f78606bd4221de2e762b19e5e5f
                                                                                                                                                                                                                          • Instruction ID: 21cd8887eb96067d74def2e288225958ff29b6b34dbb497643790ac7acb66464
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0297c584552c32f9935c013bb0cf78d3e61a2f78606bd4221de2e762b19e5e5f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE015E71A047499FCB11DF69D88489AFFF1FF8A310B04C6AAD45997315E730A919CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c752162bfd87dfae278329d8ab6bda7211599e99fde24722956ebfe682976b3a
                                                                                                                                                                                                                          • Instruction ID: eb4247cfd6cddcc5bea62e7b45c93edc477befff1fab4eb5d9cfe971abe8258e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c752162bfd87dfae278329d8ab6bda7211599e99fde24722956ebfe682976b3a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7012D35A001188FDB14CB99C954ADEBBF9BF4C310F198065E405B7361CB75AD40CFA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 618538c77ccaf193ab55c355c5db1241d95be88b4fffb9c6b7720351887f6dbf
                                                                                                                                                                                                                          • Instruction ID: 80fb79a8a995eb942893360ddc845586298072b9a19364cced7cecf60de79aaf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 618538c77ccaf193ab55c355c5db1241d95be88b4fffb9c6b7720351887f6dbf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4001D871A042689FCF25CFA5C9146AEBFF6AF89300F14846DE551B7350CB759904DBB0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 81cf31ce29fd81ed278f310480821020e19e0aaeb3b75c9353e67757d96884b9
                                                                                                                                                                                                                          • Instruction ID: a5a522d10ec6d5c98fd60e07b90a1353c6227b4a6717c6128bb39e702aef40ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81cf31ce29fd81ed278f310480821020e19e0aaeb3b75c9353e67757d96884b9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50014F30E10228CBDB95DF68C4657AEBEF5AB88700F144169D501FB390DB794E048BE6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 984cb22ac869b279e5a97c5a158b21abf033be44b8675db2f6e3c0223768e4b4
                                                                                                                                                                                                                          • Instruction ID: b18e1c56088124333f5f7ffd50df4c7f3ec8cecacedf187213a5e3c18a883e0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 984cb22ac869b279e5a97c5a158b21abf033be44b8675db2f6e3c0223768e4b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA018F3290014AAFCF45CFA8D9049EEBFF2EF8A310B1541A5E548EB171D3329A16CB51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6b077c7d895b816b8708649ce7ffb6809cb0fc5af452b843931a8194027ae6b5
                                                                                                                                                                                                                          • Instruction ID: 0e91de420980f62096b6f622d1659b42229287a57694a366264b241801be6a36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b077c7d895b816b8708649ce7ffb6809cb0fc5af452b843931a8194027ae6b5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC01D631B1429A8FCB119F78A8540EDBFB5EF8A210B20017AD446E3241EB344E05C752
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4380988fb4e3476219bfaf9edd86a4f47b76e8e789f5ab6a3e7911859a5ce523
                                                                                                                                                                                                                          • Instruction ID: d38d864252fc486cc04c399eb26df93fbcadc177bbacee583e0099044913113b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4380988fb4e3476219bfaf9edd86a4f47b76e8e789f5ab6a3e7911859a5ce523
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73F0E2723052144F9714DBBD888066ABBEEDFC9160311817AE00DCB391DE75CC0A87A0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 085e05239ad9cbbce8203fd1de1431a64406399400eea8528590d7bc4225c723
                                                                                                                                                                                                                          • Instruction ID: 10d46481b80d04424c95a49eb154cd3a2e5ff559faec518ccdd6c1ed429e8de1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 085e05239ad9cbbce8203fd1de1431a64406399400eea8528590d7bc4225c723
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DF0C2303416289FDFA51B74F81D72E3BE6EBD9351B044425E506C6390DA3E8C028B53
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8ba373672e0c1d61f4b8a8fdb24a8b30ecc1d37db3f1200987c8df3e082bf2ed
                                                                                                                                                                                                                          • Instruction ID: e25adf88398de42563bdf72af0e0dabfc7ddb8facebd18148c22a8a0ece3fab2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ba373672e0c1d61f4b8a8fdb24a8b30ecc1d37db3f1200987c8df3e082bf2ed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F20175B0A0829A8AEB248B78D4443AEBFB1BB45300F08806AC511B6296CB7D5548CF21
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 151c7717408d8cd48b5a84466d19e46daeb89899d208bb2e1fb1471ec97f0d6e
                                                                                                                                                                                                                          • Instruction ID: dfc66acd773f98904371fdea8e1ec1cec22dd05c9fb925b9f313b3e5b2d8d659
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 151c7717408d8cd48b5a84466d19e46daeb89899d208bb2e1fb1471ec97f0d6e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04019A7190021EAEDF50DFA8D9157AEBFF5FB48300F048629D421A62A5CBB81604CF51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 82a663303505f4449e8d667631852f55a4fb59ccc6101c49e50c0aee363e22e7
                                                                                                                                                                                                                          • Instruction ID: 05c045c5a38a01207e58dbc1be218bdf4f9a76c215bd9c7a3280e72df0dab746
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82a663303505f4449e8d667631852f55a4fb59ccc6101c49e50c0aee363e22e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2011D71A006099F8710EF69D88089AFBF5FF89310700C62AD95997714EB70F919CBE0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0ed21e5c1a424430cffce401a6ba54bb7e9d003dc8df59a9a306d7c7376bdff5
                                                                                                                                                                                                                          • Instruction ID: dcdef8bc12409002fc051f649f2daadde15e10180ebce26ec02b7b665bf48021
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ed21e5c1a424430cffce401a6ba54bb7e9d003dc8df59a9a306d7c7376bdff5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F801BC75E0430EAEDB10EF68C41536E7FA4EB41704F008159D045DB787DBB94504CBA2
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 41d383b90da1c005fb4de0f74b4e4cbf237967ffeaea865c1258e9b97eab55a7
                                                                                                                                                                                                                          • Instruction ID: 16515c55c005a3ad067bf5f013c8ac9485d20820059678c85d9c42ab16fce22e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41d383b90da1c005fb4de0f74b4e4cbf237967ffeaea865c1258e9b97eab55a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F06935B002098FCF44EB78E414AAD77F2EF88311F140169E80ADB3A1DB35DD068B90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8e4d7dd3ac66700c2976e469ad0bb73b29e623dea9e4f7608089444360dd2245
                                                                                                                                                                                                                          • Instruction ID: dcf8c3e6d639f5ac489fd80877f3c1f0bd6f42f2a91aa6bf1d65dbae355d3366
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e4d7dd3ac66700c2976e469ad0bb73b29e623dea9e4f7608089444360dd2245
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5701EC71640B049FC324DF2AC984957FBF5FF88310B008A2AE44A87775DA71F8498B94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b685a8e8cf0c159abc5eb3d257d501b79225824982d9b6b2eb853872aba5246b
                                                                                                                                                                                                                          • Instruction ID: d8276b39b855f7f774d5cae6d4aa2526850c7933d8f5ad43e71549dbbb5986f9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b685a8e8cf0c159abc5eb3d257d501b79225824982d9b6b2eb853872aba5246b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF0E961B0D3945FC7071B7C28650983FA2DA9B29130A44EBD541CB397DD688D47D361
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709105195.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_d8d000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dde733fd4520a2d3699a21d09a33286da521f88b5ef28d004995c29074e2b72b
                                                                                                                                                                                                                          • Instruction ID: 66e3f0931ee77c2fdfa0258f190f112d0a670d5be1da2d4888c66c76bf3cf18e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dde733fd4520a2d3699a21d09a33286da521f88b5ef28d004995c29074e2b72b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F0B430A0420D8FFBA19B7EE4257663FC9DB92304F040165D009CA662EB28DD05DB61
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5b601747fdcef80fa8ea3aa9bac859bb9eb9daa0c3fcc37a419132f2a1c75b0e
                                                                                                                                                                                                                          • Instruction ID: 203170e2c54014095e4afc1c2bb5700a36a59f3a1a781a6c04fc9128578f5aac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b601747fdcef80fa8ea3aa9bac859bb9eb9daa0c3fcc37a419132f2a1c75b0e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B201C230406B518FD316DF66E408596BFF1FF893147008B6EE48A8B722DB70A84ACF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d49141e6b32672d97337db156fe4cd2d08ff07a7fdcd7f754d88d7d41fec2cc2
                                                                                                                                                                                                                          • Instruction ID: c96cdaf3b38ea5e848b3c92ef519eef3524a312833cef2f6dd8edad1892a2776
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d49141e6b32672d97337db156fe4cd2d08ff07a7fdcd7f754d88d7d41fec2cc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91F0F6301053A58FC3229738E44835E7FE1DFC5300F04056DE147CF752D7A9680A8B92
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 755317f18d799cf08946a866c36f6010e777367d31d425e4c7d8826d297f8410
                                                                                                                                                                                                                          • Instruction ID: 5d3254e8882c6a47a1e741dc79acb14bae1c3a54b585ed3542f47f1a97633af2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 755317f18d799cf08946a866c36f6010e777367d31d425e4c7d8826d297f8410
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2F0DA753105149F8748DF5DE588C6ABBEAFF8D6243654099E519CB332CB61EC01CB61
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3a402c891bc230489f9e39d2075d01c6d42816bf5e4a8347a458c5f7d760efcc
                                                                                                                                                                                                                          • Instruction ID: 6c3358e9b98f629e82d0cac60d4e3f521500fb02340e6297d3469fba09b89b6c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a402c891bc230489f9e39d2075d01c6d42816bf5e4a8347a458c5f7d760efcc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEF027353493918FC325CF78E8909963FA5EF8621871504FEE09ACB222C271ED46C7A0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 956bb9b0b292d717ee68682a9fbf1cf090313127a343320551d83cc3a1b8e04d
                                                                                                                                                                                                                          • Instruction ID: 287ef454f638cb5bb0a5c5afac319f620c7224019cae9e1ba07bfbbd0d574837
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 956bb9b0b292d717ee68682a9fbf1cf090313127a343320551d83cc3a1b8e04d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBF05E36E001199BCF04AFA8D4106DDBBF9EF89310F11857AD609B7350EA716D158BD1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 34484e7e3da28079de1f8747195b8070524a38fa328969b3ea5f52b4763a956a
                                                                                                                                                                                                                          • Instruction ID: eeac8a421ea1f64840aaab5a017e23d05570a47163dbdf78314e4623991bdb15
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34484e7e3da28079de1f8747195b8070524a38fa328969b3ea5f52b4763a956a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F06C316082685FDB55D6ACE4116EE7FE9D788265F14816AE50CC3381DF75D901C790
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 32514493fe335ad6e24219e04ac26a6c7ba21afbcb0cb3b8a8eda05d4226b184
                                                                                                                                                                                                                          • Instruction ID: f386efcf506a85a9fe1ddc60a2353e125ee00a7b771ab3c80f60e29ec1f410d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32514493fe335ad6e24219e04ac26a6c7ba21afbcb0cb3b8a8eda05d4226b184
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98F0E23270868C5FCB01AE38AC50AEF7F7AEFCA304F04852AF44597252CA718C1587A1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1930d337c1fa9f2fe0967dadf28a2c782e6b615e7dba8a9d98e2aa8031f75f65
                                                                                                                                                                                                                          • Instruction ID: 8e5079a3ca1130f17750d3b63f7f3ebdff52679a41e103168acf8e128a0f3d9a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1930d337c1fa9f2fe0967dadf28a2c782e6b615e7dba8a9d98e2aa8031f75f65
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BE01A723141181F5B68AAAE9C80A3FFADEDBCA5A4359806BE51DC7349DE61DC0143A1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c6410d5af414298099f79a495c311f6f3ab9c88d2827e3afa5925155bb104b07
                                                                                                                                                                                                                          • Instruction ID: a3f0ec823d82d3242cc6a96497900d9b3188621a7266b200a3c5bb8d48137758
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6410d5af414298099f79a495c311f6f3ab9c88d2827e3afa5925155bb104b07
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F401F679A01269EFDF00CBA0E945FADBB72FF48304F104016F901B72A1CB749941DBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a777a5fd6f75b92a2675e2f11bfed1e8f3167fae9fea3599e40fa4259e02b46b
                                                                                                                                                                                                                          • Instruction ID: 44ef26bafcd5f3105e941a1caddae258700e25d7ce519c8bc94bfa7df7752e89
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a777a5fd6f75b92a2675e2f11bfed1e8f3167fae9fea3599e40fa4259e02b46b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F082318197889FC706DFB8D4114EE7FB8EF82210B01869FE48ADB1B2EB745584C792
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e0dde46b52baec77e4a1cc517d184047b64a0391d9baeb7262f64b57b7fb8438
                                                                                                                                                                                                                          • Instruction ID: d84c9d06e0c65eaa866d299a3d1d299d54902723222409c933d807a4916585a7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0dde46b52baec77e4a1cc517d184047b64a0391d9baeb7262f64b57b7fb8438
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0E0D8327083641F8765C96B6C988ABEB8AAFC567470982BBF814DB191E924CC0656B1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 30d495dfb777f0ac31dcdf50a050102d2c919f9a2e410bb52a41acaef20f7a22
                                                                                                                                                                                                                          • Instruction ID: de106879ba37c2c33af7add1cbcac9680e8e0911073fa7275a06ee21739c420b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30d495dfb777f0ac31dcdf50a050102d2c919f9a2e410bb52a41acaef20f7a22
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F039357011055FCB49AB7DE11882E3BEAAFC96513604069F40ACB3A8DE26DC068796
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c2a62e49d8f08b82b1b482083d8dd55e0d1a02859b65a8418270f7099ede6302
                                                                                                                                                                                                                          • Instruction ID: 2645a74e80e13a193fb0e513696a0477ffc374f00ec8d2a8316ec9163d145cac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2a62e49d8f08b82b1b482083d8dd55e0d1a02859b65a8418270f7099ede6302
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF0A071E44259DFCF44EF7898185EEBFF8BF49350B2081A6E899D7211E3304A16CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 012d2192f632e320a68daf053b4aaa46916da76c826109203a2ebcdbf1909beb
                                                                                                                                                                                                                          • Instruction ID: 22c8b62f416964511eca95a9d159594c46228cd927f55cd7150d0194cfd9398d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 012d2192f632e320a68daf053b4aaa46916da76c826109203a2ebcdbf1909beb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0B831C0024D9ECB01EFBCD8006EEBFB5AF46300F10816AEC49E7211E6320A59CBD0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e875d6f5f06757009247223d18ee80ced0c884102884cf28b04213ec08ed689e
                                                                                                                                                                                                                          • Instruction ID: cbeaa2bd4f1cf27db6044533f82a994a4b9a7d17b91a6fdd6e4d1c51efca453c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e875d6f5f06757009247223d18ee80ced0c884102884cf28b04213ec08ed689e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF037327043918F87198B14A4594BD7FA6DBC6315309856FD447D7351DFB458068FA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 38edbf91ea47ece848ff8b226351633ee71423af0956501083a5c55c028e0e90
                                                                                                                                                                                                                          • Instruction ID: b2a148b8af8dafafd7e2297b0a522caafee5a0082c7509a09a921000e39170f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38edbf91ea47ece848ff8b226351633ee71423af0956501083a5c55c028e0e90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCF055B1A0E2888FEB02AF3DEC711917FA0EB8230470402D9D080CF277E368C90ACB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ba93a296041d600724ce6e7fd33381ab497e80aea6a0fe3fa732e1a28f4d12f7
                                                                                                                                                                                                                          • Instruction ID: acbff8ec993829fd75c88092962dff30533d7fa6df7b2f7454c6a4e29867dfdf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba93a296041d600724ce6e7fd33381ab497e80aea6a0fe3fa732e1a28f4d12f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1F0A9366010499FCF41DF94D6449CDFBF2FB48310B25D2A1E5085B225C771ED55CB50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 54b58d6e56898359936db39a8d3e8f2ee1f99df546156e12632779515b4dc881
                                                                                                                                                                                                                          • Instruction ID: c52dc95f75ac6825f565b01d9146c550c2a005f8399767e1ff2be620141940b5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54b58d6e56898359936db39a8d3e8f2ee1f99df546156e12632779515b4dc881
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3E06D70E4920DCFCB84DFA8E4412EEBBF0EB89721B2082AAD449E3700E7310542DB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9628491cddda652c597fb4a999e2e5a0f81389ee2dbec79d509bc87b463a00d7
                                                                                                                                                                                                                          • Instruction ID: 4f125b12019cbe56b0e92a1e8c2e27fb3e9748a9d7217a10fdf545a4f28d3039
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9628491cddda652c597fb4a999e2e5a0f81389ee2dbec79d509bc87b463a00d7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E0DF323042946FC7055B2DE4148AABFFADFCA52032900E7E484CB223CA20DC43C7A0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 67379d4120f7c4858025057736f630a433c68f60411671921d74ba693cddabfb
                                                                                                                                                                                                                          • Instruction ID: 60a53526d654d191a756191b9683eba3ff2074669f9ddafdeb6f3c10dc7004ba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67379d4120f7c4858025057736f630a433c68f60411671921d74ba693cddabfb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99E022313003848FDB119F34FC8556EFBA2EFC1224B14893AE9528A2D2CF329C0AC304
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b02b33782cd73870731b69967b46b385c37c753a92862691afa124df7b48e347
                                                                                                                                                                                                                          • Instruction ID: 3b5d34c094f6ee24a1ecbca3d7fa8d9fc048d110acf9c055da0fcea29df50e0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b02b33782cd73870731b69967b46b385c37c753a92862691afa124df7b48e347
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2F01570D9024CAFCB48EFB8E4514DDBFB0EB56300F0086AAE409E73A0EA755A08CF41
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a145fc24ad5ec314cc1384b18d129c1ae817854ce7033e098dbfd40aa94174e9
                                                                                                                                                                                                                          • Instruction ID: efb0f3b7d8f9e480f375c88e34040869b0a15ad06f38309ae0da96db5843f767
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a145fc24ad5ec314cc1384b18d129c1ae817854ce7033e098dbfd40aa94174e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE0682038E3AC0FDF968778E8246653FA14F8B31030945C2D045CB192CA185C82C777
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 82647f8f81e3b2eccadd824fb06e6b96cbe964ea4cda8bb9da9fb5634efe960d
                                                                                                                                                                                                                          • Instruction ID: a60a4768fd293182a69737e2e62eb24dd4c681eed5e6f0989d251dfcd4484c00
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82647f8f81e3b2eccadd824fb06e6b96cbe964ea4cda8bb9da9fb5634efe960d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90F039312002419FC701DB28E948C45BBE4FF8522031A95AAE1498B332D760FC45CBC0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cdaf2a8817241165773c26fe5f01af19540ef543e97c850f3282f2f39be01cfe
                                                                                                                                                                                                                          • Instruction ID: 70a281ea28dd9321175858a32b252582126c0c3fc0e5e4364fb58049f35eb570
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdaf2a8817241165773c26fe5f01af19540ef543e97c850f3282f2f39be01cfe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE0C234211B048FC359DFB8E1A8896BBA5FF9A21131184BAE91ACB721CB35D841CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df1067ba6c0f5896192580ba94cee1b1f62d5b7bb0aadc6f920d6a62ac50d47e
                                                                                                                                                                                                                          • Instruction ID: d1ed0a093ce68483cdde4dcc1f9349f3eb375a4c87ffd08f328a7dc3bf9c4822
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df1067ba6c0f5896192580ba94cee1b1f62d5b7bb0aadc6f920d6a62ac50d47e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1E0C974E012189FCB40ABB8A9092AEBFF4EB49200F14416AD90AD7245EB355A11CBD1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 70b94890368a16cc70bbfae74c8280be7062d58c02a3da3c91296b8f7fc0a843
                                                                                                                                                                                                                          • Instruction ID: e857680664c98fb658497253105b08927ca35c05a106b88143498ffa12e46ab4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70b94890368a16cc70bbfae74c8280be7062d58c02a3da3c91296b8f7fc0a843
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10E0ED75F042589FDB119B74E4192ED7FA0EB46300B058196D919C7241E6365A1A8F81
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 542be42893ff4cf99b41adb2e69b141aa0e85444dad1d12e3ea9cc4d40208319
                                                                                                                                                                                                                          • Instruction ID: 9005511261ebce7300317e3e348b653e29422919bacd29bd17cb1f0168c41908
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 542be42893ff4cf99b41adb2e69b141aa0e85444dad1d12e3ea9cc4d40208319
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FE0DF327603081BE314A6BCD004B67BBCCEB883A0F44806AE202CB2A0CA20D881C794
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ec135078f4a8cdee5e087f8a3ff48000d939dfa0472184ae87a7126b2ab8f152
                                                                                                                                                                                                                          • Instruction ID: d93fd70a59c80313b413fe55f9eded859d5026da4fa6b07ed287e7ea5b7371ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec135078f4a8cdee5e087f8a3ff48000d939dfa0472184ae87a7126b2ab8f152
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72F01571C0021D9FCB40EFBCD8005EEBBB8AF05200F108126D909E7214E6345A548BC1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9be4a467beb731b1f33406e0c1bb920a8369e297e17d45e05e491ee3f4c8eb8a
                                                                                                                                                                                                                          • Instruction ID: 6557d2c7a433c8c49bec461a3a36aee182b6ad59b990367dbd8a46ffbe0e1b79
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9be4a467beb731b1f33406e0c1bb920a8369e297e17d45e05e491ee3f4c8eb8a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BE01235109694BFCB030BA4E8208D5BF65EF0F21931840E9F5459A113C2339863D790
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: db966e2b5ecbea3cf1ee33078a71b95c58f110f1b32eb04df6b909f5861fd864
                                                                                                                                                                                                                          • Instruction ID: ff0b2ce41c4d50a1bce90819d7c42fbe11567e5ce505f4a55acfbbb58ca417a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db966e2b5ecbea3cf1ee33078a71b95c58f110f1b32eb04df6b909f5861fd864
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE0C232A442144F8B19956A78294EEBFF8DEC2221B0581BBD949C7261EB608926C6A5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 622553eb2a1d48f438ef3d04bbd7e609d3b864b15e61f6d4420f46d46e3b8f67
                                                                                                                                                                                                                          • Instruction ID: 050892f44d427bb7798a5aa93fd6ffb6f767cd0af0b9526b0c0ed7e02c3d0362
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 622553eb2a1d48f438ef3d04bbd7e609d3b864b15e61f6d4420f46d46e3b8f67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDE09A717502488FC755CF28E0548917BE2EF99310B0284A9F0458F369EA39EC02CB41
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7a555a02932f7b888b42416025f309d9e1ca1c9d84b82eef82380e2249782176
                                                                                                                                                                                                                          • Instruction ID: 0405f9d1d1d8f2289feaaac7e5adcc5d47936e53726d7308528850915fb9c346
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a555a02932f7b888b42416025f309d9e1ca1c9d84b82eef82380e2249782176
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1E01A71E0021CAF8F84EFB898045DEBBF8AF48350B108166E45CE3210E7309E14CB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3d73e1e77030aeae85832fcc1efbfe9ec8a6957da4dc6b3addb1ee50bf84390c
                                                                                                                                                                                                                          • Instruction ID: 4273ea49c7ab5cf8d9a07407ed227d1496b5693b3a1c17edc7aca076f2d3bc9b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d73e1e77030aeae85832fcc1efbfe9ec8a6957da4dc6b3addb1ee50bf84390c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EF0EDF05086D08FE782DB38E41668CBF60DB8A714B01029ED5408B782C6399808C7A9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 28dc7833e2921407a9fe1a3bac676809eb9490e37eb2945639598e6926b0787e
                                                                                                                                                                                                                          • Instruction ID: 9c53ae0460504256a90e7deff5cf81ebeebd4a95f19a37b77404d71e1baf8d76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28dc7833e2921407a9fe1a3bac676809eb9490e37eb2945639598e6926b0787e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBE026312093888FD3B1CB38A40087EFFB2FF802627104D6BD852C6056CB331048EB54
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bfb27971375a6a74cd0dc3f310e7a9ea78dd56aed190e0efde1d5e73bf66abe3
                                                                                                                                                                                                                          • Instruction ID: ed8f0c4fc3df8e53a3885c6103829d9e17797dcf77d5d96307d18d628fea01cc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfb27971375a6a74cd0dc3f310e7a9ea78dd56aed190e0efde1d5e73bf66abe3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CD012397105144B4609566EF40885EF7DFEFD9A2135550ABE505C7332CEB0DD0247A4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a8576e600a3278e5ab22999ee61e2d2071698743891755e243438b0be306820b
                                                                                                                                                                                                                          • Instruction ID: 70f24f59e2409dd0227923af479366c2874458b9ce7a26a940937523773af478
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8576e600a3278e5ab22999ee61e2d2071698743891755e243438b0be306820b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFE08C79701A188BCB097B3CA85807D7BA9EF852117000129E40AE3241EF289841478A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c30c6a144261051efe181bc9903450108d4d64d9d6cad76b7d474329785e46bd
                                                                                                                                                                                                                          • Instruction ID: f9210fb6e7b9e8694ffff81f337ef8ce64b11de6749e790f8fd3c8efa1144f86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c30c6a144261051efe181bc9903450108d4d64d9d6cad76b7d474329785e46bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E0C23474E7C91FC752D7BC68204DABFEA4F8B19134841EAE888CB253D924EC4583A1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 58db1e818601d8be5bf3920c3ab45915d3b12cb9a89fa4980ed2b9737bc4947e
                                                                                                                                                                                                                          • Instruction ID: 9be10958ba28d6c89c4d935d515761e38a935243aaa25421fee780f5c6eff718
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58db1e818601d8be5bf3920c3ab45915d3b12cb9a89fa4980ed2b9737bc4947e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83E09A70D0420CAFCB44EFA9E55559DFBF5EB45300F0081A9E419A7364DA345A09CF95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bc981b52506f182b1d3e6cb3e388ca0186a27b7751790904ada087875a049dff
                                                                                                                                                                                                                          • Instruction ID: ded8f48bb044dba1603c8ade8fdc3f6382e26f64eb8f3f5757c76975bffb9f96
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc981b52506f182b1d3e6cb3e388ca0186a27b7751790904ada087875a049dff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76E01230950209EFCB50DF78D50567DBBE9EF46604F4045B99809D3301DA311A06A761
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6a7db867d379f61f54fc534f5ab77707e0e8d8177c86fab9199c2967e1d17579
                                                                                                                                                                                                                          • Instruction ID: b005f4a6f1af1085a2dc557580b3565a844254fcc08b6d5ee0df9cc26f5da12c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a7db867d379f61f54fc534f5ab77707e0e8d8177c86fab9199c2967e1d17579
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8D05E3220132DCBC7142BB8F40C499BBACEB462A2308417EEA0AC2342DF76D901CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 953422fbf44d0eedbc1652db7cc9dab62de03f39b586b5c1918dbd9724daca35
                                                                                                                                                                                                                          • Instruction ID: b40db20737fadbb56d2a88f9bc15b1d3fac16b7a531ea28d669e219b2eacda32
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 953422fbf44d0eedbc1652db7cc9dab62de03f39b586b5c1918dbd9724daca35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCE0C2318183849FCB56CFB488218E97FFCAE83350B1142EED485CB126E6320E108B52
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4998272195d916009ea2776e72cfcf318394664d785270a7c022c9fa64f9230b
                                                                                                                                                                                                                          • Instruction ID: cc23f77ceb43256f342a79a0fe8b5ea0925292829655c12489b08bb5ea010ea2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4998272195d916009ea2776e72cfcf318394664d785270a7c022c9fa64f9230b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78D05E601093C45BDB072F24A4212A77F61DF83221B1509D6D0C0C9287C41C0D869765
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e7fc55831fe827f8d31586d61036c8fc512d75501d3dd7ea1f92c0cb49459ca9
                                                                                                                                                                                                                          • Instruction ID: cbc7879d92adb0a0d0964737f6eb3e0ecd4cb93000f2f731782c7ec4c40bf4a5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7fc55831fe827f8d31586d61036c8fc512d75501d3dd7ea1f92c0cb49459ca9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3D09E36101218FBCB065F94E810895BF6AEF1D35972440A9E5099A221C777D872DBD4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 096cacb9e45ecb322d7482da6c5835dade76dec88359ac9a634aa1e251d11e3f
                                                                                                                                                                                                                          • Instruction ID: 31f66b17dc7accab86013df1334573de36494beea56dcb8fa80d25cb95d26c82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 096cacb9e45ecb322d7482da6c5835dade76dec88359ac9a634aa1e251d11e3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13D0A730244B498FC3462BB4D4247D53BE4DF05282F0201B5C209C7272EA2888418F60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d4e6e78db5d96a68ddfab4d0d23b06623a0dc44b4e5d88f7b325d85f52d6d8cb
                                                                                                                                                                                                                          • Instruction ID: db70905a77e683928e18edede6ee69a49a43b8db567b5ef13ea1edbff040e7c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4e6e78db5d96a68ddfab4d0d23b06623a0dc44b4e5d88f7b325d85f52d6d8cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BD012712487118FC715CF68E44484EFBE1EBD4350B008A6EE5A147325C670A88587D1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 93c1b33ee932f23091cbb39b88c2a894023267f562d9b37792410cabccb3d73f
                                                                                                                                                                                                                          • Instruction ID: 8a1904ebc5dfcecaf2a717cbdf0e466a31b65508d0412c9f7bd1a289b2edf986
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93c1b33ee932f23091cbb39b88c2a894023267f562d9b37792410cabccb3d73f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E0172424E3C44EDF43ABB894201A47FB2EF87B0871840D9D0C49B6ABC21A9904DB66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fe066665ee629f3e4f46c91456ad6901188a5f4d1b45a96c2d77a63b98abfd74
                                                                                                                                                                                                                          • Instruction ID: 16d56e4d8db08e3a67f83ab4c72d254fbf1990c5f410b846c1d5ab9aa8a0f667
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe066665ee629f3e4f46c91456ad6901188a5f4d1b45a96c2d77a63b98abfd74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FD0237050171CCFC7B05554D104351F7D8B704E30F44102DD89542540CB6174C0CF81
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c9586c3d8f6b2730588cf371d38c78a03429b1301cb850b75bed4db3089ea9a0
                                                                                                                                                                                                                          • Instruction ID: 5d8edc5511df8d3b0328fcd771ed078686b8bf5779fa4d1c66b9bb2b5c7c77aa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9586c3d8f6b2730588cf371d38c78a03429b1301cb850b75bed4db3089ea9a0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31D05EA118E2C15FCF02DBB8ED748C53F33EA0364432809CAE490CA067D670582AC362
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 17212ba0c5e6096f08e2562183c42d9f685520e6ad46fdadb17f33bc1e16935b
                                                                                                                                                                                                                          • Instruction ID: 1b9455c94fd0bd87ceafeb89dca4b97179cf7df3dcddf8004e426c4128f71281
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17212ba0c5e6096f08e2562183c42d9f685520e6ad46fdadb17f33bc1e16935b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13C08C763005389BCB05A799F40686EBF2EE7CC7213008257EC0583780CFBD2E0246EA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718538165.000000000A0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a0e0000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717548076.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a040000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1717460660.000000000A030000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A030000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a030000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1718025020.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a090000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.1709367852.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6830000_AppLaunch.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%