Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WCDVlB5SDr.exe

Overview

General Information

Sample name:WCDVlB5SDr.exe
renamed because original name is a hash value
Original sample name:e4680b5d58eb24f57fa55432f03bead9.bin.exe
Analysis ID:1438243
MD5:e4680b5d58eb24f57fa55432f03bead9
SHA1:57d840b6d22b97d21d942bb6b437dc4a58b790f0
SHA256:ad79ea754a43dc0566088a655b0e0ba4e2da15ac4271b0f7bdd026eef70e2450
Tags:exeRedLineStealer
Infos:

Detection

PureLog Stealer, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected PureLog Stealer
Yara detected RedLine Stealer
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Installs new ROOT certificates
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • WCDVlB5SDr.exe (PID: 2940 cmdline: "C:\Users\user\Desktop\WCDVlB5SDr.exe" MD5: E4680B5D58EB24F57FA55432F03BEAD9)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": "15.165.134.129:8649", "Bot Id": "HJA", "Authorization Header": "253650f05db7104c6104d8c62c5dc67c"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
      • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
      00000000.00000003.2294050534.0000000003080000.00000004.00001000.00020000.00000000.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
      • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
      • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
      • 0x700:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 15 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
      • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
      • 0x1e9d0:$s5: delete[]
      • 0x1de88:$s6: constructor or from DllMain.
      00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
      • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
      • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
      • 0x1300:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 15 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
      • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
      • 0x1fdd0:$s5: delete[]
      • 0x1f288:$s6: constructor or from DllMain.
      00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
      • 0x1150:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
      00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Click to see the 11 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.3.WCDVlB5SDr.exe.3080000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x700:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 15 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1e9d0:$s5: delete[]
        • 0x1de88:$s6: constructor or from DllMain.
        0.2.WCDVlB5SDr.exe.2f00e67.1.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x700:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 15 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1e9d0:$s5: delete[]
        • 0x1de88:$s6: constructor or from DllMain.
        0.2.WCDVlB5SDr.exe.400000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x1300:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 15 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1fdd0:$s5: delete[]
        • 0x1f288:$s6: constructor or from DllMain.
        0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            Click to see the 19 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:05/08/24-14:12:52.401835
            SID:2043231
            Source Port:49712
            Destination Port:8649
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/08/24-14:12:34.472591
            SID:2046045
            Source Port:49712
            Destination Port:8649
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/08/24-14:12:34.818962
            SID:2043234
            Source Port:8649
            Destination Port:49712
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/08/24-14:12:40.779191
            SID:2046056
            Source Port:8649
            Destination Port:49712
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "15.165.134.129:8649", "Bot Id": "HJA", "Authorization Header": "253650f05db7104c6104d8c62c5dc67c"}
            Multi AV Scanner detection for submitted file
            Source: WCDVlB5SDr.exeReversingLabs: Detection: 68%
            Machine Learning detection for sample
            Source: WCDVlB5SDr.exeJoe Sandbox ML: detected

            Compliance

            barindex
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeUnpacked PE file: 0.2.WCDVlB5SDr.exe.400000.0.unpack
            Source: WCDVlB5SDr.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
            Source: Binary string: _.pdb source: WCDVlB5SDr.exe, 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2295293778.00000000071E1000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2295560748.00000000071EA000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3235147872.00000000072E1000.00000004.08000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_08134AB2
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_08134AE0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_08132FFC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_0820CD90
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-3Ch]0_2_0960D900
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-3Ch]0_2_0960D9D0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-3Ch]0_2_0960D5FC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_0962A864
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_0962A870
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 4x nop then inc dword ptr [ebp-20h]0_2_0968BBD8

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.5:49712 -> 15.165.134.129:8649
            Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49712 -> 15.165.134.129:8649
            Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 15.165.134.129:8649 -> 192.168.2.5:49712
            Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 15.165.134.129:8649 -> 192.168.2.5:49712
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: 15.165.134.129:8649
            Source: global trafficTCP traffic: 192.168.2.5:49712 -> 15.165.134.129:8649
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: unknownTCP traffic detected without corresponding DNS query: 15.165.134.129
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ipRSELSystem.Windows.FormsECT
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp8CFC.tmpJump to dropped file
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp8CDC.tmpJump to dropped file

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 0.3.WCDVlB5SDr.exe.3080000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.WCDVlB5SDr.exe.2f00e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.WCDVlB5SDr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 0.2.WCDVlB5SDr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
            Source: 00000000.00000003.2294050534.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
            Source: 00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00408C600_2_00408C60
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040DC110_2_0040DC11
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00407C3F0_2_00407C3F
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00418CCC0_2_00418CCC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00406CA00_2_00406CA0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004028B00_2_004028B0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0041A4BE0_2_0041A4BE
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004182440_2_00418244
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004016500_2_00401650
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00402F200_2_00402F20
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004193C40_2_004193C4
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004187880_2_00418788
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00402F890_2_00402F89
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00402B900_2_00402B90
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004073A00_2_004073A0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F02B170_2_02F02B17
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F018B70_2_02F018B7
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0786D0_2_02F0786D
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F031F00_2_02F031F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F189EF0_2_02F189EF
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F031870_2_02F03187
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F08EC70_2_02F08EC7
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F07EA60_2_02F07EA6
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0DE780_2_02F0DE78
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F077D90_2_02F077D9
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F18F330_2_02F18F33
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F1A7250_2_02F1A725
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F06F070_2_02F06F07
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F184AB0_2_02F184AB
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F02DF70_2_02F02DF7
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_030E78A80_2_030E78A8
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_030E78B80_2_030E78B8
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081386100_2_08138610
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08138F180_2_08138F18
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081392800_2_08139280
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813A3F80_2_0813A3F8
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813A3E80_2_0813A3E8
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081314380_2_08131438
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081386020_2_08138602
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08131E780_2_08131E78
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08131E690_2_08131E69
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08138F0A0_2_08138F0A
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813F7580_2_0813F758
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813F7480_2_0813F748
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081DDF650_2_081DDF65
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081D04480_2_081D0448
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081DB6D00_2_081DB6D0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081D04080_2_081D0408
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081D04470_2_081D0447
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_081DE7680_2_081DE768
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082000250_2_08200025
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082000400_2_08200040
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_088C1E010_2_088C1E01
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_088CEEF00_2_088CEEF0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0960F8500_2_0960F850
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09604F000_2_09604F00
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0960E3500_2_0960E350
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096056500_2_09605650
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09608D220_2_09608D22
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09608D300_2_09608D30
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09608C9F0_2_09608C9F
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096062900_2_09606290
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09623B580_2_09623B58
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096200400_2_09620040
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096220A80_2_096220A8
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096240900_2_09624090
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096292480_2_09629248
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0962D6680_2_0962D668
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096243C00_2_096243C0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096252000_2_09625200
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096593C40_2_096593C4
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096577380_2_09657738
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096526EC0_2_096526EC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096526EC0_2_096526EC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_096526EC0_2_096526EC
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0965A8100_2_0965A810
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_09687A180_2_09687A18
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0968CD940_2_0968CD94
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: String function: 02F0E43F appears 44 times
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: String function: 0040E1D8 appears 44 times
            Source: WCDVlB5SDr.exe, 00000000.00000002.3229861781.0000000002F28000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000003.2294050534.00000000030B6000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005E05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000003.2295293778.00000000071E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000003.2295293778.00000000071E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3235317280.0000000007B30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000003.2295560748.00000000071EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000003.2294822289.0000000002C99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3235147872.00000000072E1000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKats.exe8 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exe, 00000000.00000002.3235147872.00000000072E1000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs WCDVlB5SDr.exe
            Source: WCDVlB5SDr.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.3.WCDVlB5SDr.exe.3080000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.WCDVlB5SDr.exe.2f00e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.WCDVlB5SDr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 0.2.WCDVlB5SDr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
            Source: 00000000.00000003.2294050534.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
            Source: 00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, EwV3ECxYhIse1SOarW.csCryptographic APIs: 'CreateDecryptor'
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/5@0/1
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06Jump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeMutant created: NULL
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp8CDC.tmpJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCommand line argument: 08A0_2_00413780
            Source: WCDVlB5SDr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: WCDVlB5SDr.exe, 00000000.00000003.2507470588.00000000060F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: WCDVlB5SDr.exeReversingLabs: Detection: 68%
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: msimg32.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: msvcr100.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: msvcp140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: esdsip.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: scrrun.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: linkinfo.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Google Chrome.lnk.0.drLNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
            Source: Binary string: _.pdb source: WCDVlB5SDr.exe, 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2295293778.00000000071E1000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2295560748.00000000071EA000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3235147872.00000000072E1000.00000004.08000000.00040000.00000000.sdmp

            Data Obfuscation

            barindex
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeUnpacked PE file: 0.2.WCDVlB5SDr.exe.400000.0.unpack
            .NET source code contains method to dynamically call methods (often used by packers)
            Source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, EwV3ECxYhIse1SOarW.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, EwV3ECxYhIse1SOarW.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, EwV3ECxYhIse1SOarW.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0041C40C push cs; iretd 0_2_0041C4E2
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00423149 push eax; ret 0_2_00423179
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0041C50E push cs; iretd 0_2_0041C4E2
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004231C8 push eax; ret 0_2_00423179
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040E21D push ecx; ret 0_2_0040E230
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0041C6BE push ebx; ret 0_2_0041C6BF
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02BDC4C0 push edi; retf 0_2_02BDC4C1
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02BD9575 push FFFFFFE1h; ret 0_2_02BD9584
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F1C125 push ebx; ret 0_2_02F1C126
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F1BE73 push cs; iretd 0_2_02F1BF49
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F1BF75 push cs; iretd 0_2_02F1BF49
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0E484 push ecx; ret 0_2_02F0E497
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813F326 push ss; retf 0_2_0813F375
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08131C00 pushad ; ret 0_2_08131C0D
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0813EEB7 push es; iretd 0_2_0813EEBD
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082080D2 push 00000047h; ret 0_2_082080D4
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082075EC push edx; ret 0_2_082075EE
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082071D1 push esi; ret 0_2_082071D2
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08207665 push ecx; ret 0_2_08207666
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082072F3 push ebp; ret 0_2_082072F5
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082062DC pushad ; ret 0_2_082062DD
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0820733F push esp; ret 0_2_08207341
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0820731D push ebp; ret 0_2_0820731F
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0820275E push E9FFFFF8h; iretd 0_2_08202769
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_082073D2 push esp; ret 0_2_082073D3
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_088C6C80 pushad ; ret 0_2_088C6C81
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08A646CF push FFFFFF8Bh; retf 0_2_08A646D1
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08A6480F push FFFFFF8Bh; iretd 0_2_08A64816
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08A645DE push FFFFFF8Bh; retf 0_2_08A645E2
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_08A6475D push FFFFFF8Bh; retf 0_2_08A64764
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0960C9B1 push cs; ret 0_2_0960CA24
            Source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, EwV3ECxYhIse1SOarW.csHigh entropy of concatenated method names: 'BPTavEfPI8', 'uVaa4GpUIk', 'u6YaUGQ5Rc', 't0UaRBG3Pj', 'pNJaQb5F9t', 'YcBaEMIBPc', 'Qam_000D_000A8pui_008Bc', 'nWN5m7K3Q', 'ReZxSxiJZ', 'kJmawSxbE'
            Source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, EwV3ECxYhIse1SOarW.csHigh entropy of concatenated method names: 'BPTavEfPI8', 'uVaa4GpUIk', 'u6YaUGQ5Rc', 't0UaRBG3Pj', 'pNJaQb5F9t', 'YcBaEMIBPc', 'Qam_000D_000A8pui_008Bc', 'nWN5m7K3Q', 'ReZxSxiJZ', 'kJmawSxbE'
            Source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, EwV3ECxYhIse1SOarW.csHigh entropy of concatenated method names: 'BPTavEfPI8', 'uVaa4GpUIk', 'u6YaUGQ5Rc', 't0UaRBG3Pj', 'pNJaQb5F9t', 'YcBaEMIBPc', 'Qam_000D_000A8pui_008Bc', 'nWN5m7K3Q', 'ReZxSxiJZ', 'kJmawSxbE'

            Persistence and Installation Behavior

            barindex
            Installs new ROOT certificates
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 BlobJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeMemory allocated: 30E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeMemory allocated: 4D40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeMemory allocated: 4AF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWindow / User API: threadDelayed 8073Jump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWindow / User API: threadDelayed 1727Jump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exe TID: 1848Thread sleep time: -28592453314249787s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: WCDVlB5SDr.exe, 00000000.00000002.3236642141.0000000009100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: WCDVlB5SDr.exe, 00000000.00000002.3233672339.0000000005DD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.00000000052DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeAPI call chain: ExitProcess graph end nodegraph_0-109596
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_030E0890 LdrInitializeThunk,0_2_030E0890
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02BD7A5B push dword ptr fs:[00000030h]0_2_02BD7A5B
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0092B mov eax, dword ptr fs:[00000030h]0_2_02F0092B
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F00D90 mov eax, dword ptr fs:[00000030h]0_2_02F00D90
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040ADB0 GetProcessHeap,HeapFree,0_2_0040ADB0
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040E61C
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00416F6A
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_004123F1 SetUnhandledExceptionFilter,0_2_004123F1
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02F0E883
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F0D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02F0D070
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F171D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_02F171D1
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_02F12658 SetUnhandledExceptionFilter,0_2_02F12658
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: GetLocaleInfoA,0_2_00417A20
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: GetLocaleInfoA,0_2_02F17C87
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeCode function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00412A15
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: WCDVlB5SDr.exe, 00000000.00000003.2551778666.0000000009195000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2551152814.0000000009180000.00000004.00000020.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2551816355.00000000091AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

            Stealing of Sensitive Information

            barindex
            Yara detected PureLog Stealer
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Yara detected RedLine Stealer
            Source: Yara matchFile source: dump.pcap, type: PCAP
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: WCDVlB5SDr.exe PID: 2940, type: MEMORYSTR
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: JaxxE#
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusE#
            Source: WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
            Source: WCDVlB5SDr.exe, 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\WCDVlB5SDr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: Yara matchFile source: 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: WCDVlB5SDr.exe PID: 2940, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected PureLog Stealer
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Yara detected RedLine Stealer
            Source: Yara matchFile source: dump.pcap, type: PCAP
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280ee8.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7280000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.7ad0000.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490e29e.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.WCDVlB5SDr.exe.490f186.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: WCDVlB5SDr.exe PID: 2940, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Masquerading            		1
            OS Credential Dumping            		1
            System Time Discovery            		Remote Services11
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Command and Scripting Interpreter            		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Disable or Modify Tools            		LSASS Memory261
            Security Software Discovery            		Remote Desktop Protocol2
            Data from Local System            		1
            Non-Standard Port            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            Native API            		Logon Script (Windows)Logon Script (Windows)241
            Virtualization/Sandbox Evasion            		Security Account Manager241
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Deobfuscate/Decode Files or Information            		NTDS1
            Process Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
            Obfuscated Files or Information            		LSA Secrets1
            Application Window Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Install Root Certificate            		Cached Domain Credentials1
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
            Software Packing            		DCSync124
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            WCDVlB5SDr.exe68%ReversingLabsWin32.Ransomware.StopCrypt
            WCDVlB5SDr.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://tempuri.org/0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id12Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id6ResponseD0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id2Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id40%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id21Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id80%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id50%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id90%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id23ResponseD0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id15Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id19Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id70%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id60%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id13ResponseD0%Avira URL Cloudsafe
            15.165.134.129:86490%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id5ResponseD0%Avira URL Cloudsafe
            https://api.ip.sb/ipRSELSystem.Windows.FormsECT0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id6Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id1ResponseD0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id9Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id200%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id240%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id220%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id210%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id230%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id1Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id100%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id110%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id130%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id16Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id120%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id150%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id140%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id10ResponseD0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id160%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id170%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id180%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id11ResponseD0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id190%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
            http://tempuri.org/Entity/Id8ResponseD0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            15.165.134.129:8649true
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://schemas.xmlsoap.org/ws/2005/02/sc/sctWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://duckduckgo.com/chrome_newtabWCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://duckduckgo.com/ac/?q=WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://tempuri.org/Entity/Id23ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://tempuri.org/Entity/Id12ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://tempuri.org/WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://tempuri.org/Entity/Id2ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://tempuri.org/Entity/Id21ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://tempuri.org/Entity/Id9WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://tempuri.org/Entity/Id8WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://tempuri.org/Entity/Id6ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://tempuri.org/Entity/Id5WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id4WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tempuri.org/Entity/Id7WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tempuri.org/Entity/Id6WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id19ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id13ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/faultWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2004/10/wsatWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id15ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://tempuri.org/Entity/Id5ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E45000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://tempuri.org/Entity/Id6ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/04/scWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id1ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://api.ip.sb/ipRSELSystem.Windows.FormsECTWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Entity/Id9ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id20WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://tempuri.org/Entity/Id21WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://tempuri.org/Entity/Id22WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id23WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/Entity/Id24WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id24ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.ecosia.org/newtab/WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id1ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trustWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Entity/Id10WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id11WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id10ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id12WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/Entity/Id16ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://tempuri.org/Entity/Id13WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id14WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id15WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://tempuri.org/Entity/Id16WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/NonceWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://tempuri.org/Entity/Id17WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id18WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id5ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id19WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Entity/Id10ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RenewWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id11ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id8ResponseWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentityWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/soap/envelope/WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id8ResponseDWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyWCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1WCDVlB5SDr.exe, 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=WCDVlB5SDr.exe, 00000000.00000003.2484455467.000000000657D000.00000004.00000800.00020000.00000000.sdmp, WCDVlB5SDr.exe, 00000000.00000003.2484455467.0000000006561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high

                                                                                                                          World Map of Contacted IPs

                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs

                                                                                                                          Public IPs

                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          15.165.134.129
                                                                                                                          		unknownUnited States
                                                                                                                          		16509AMAZON-02UStrue

                                                                                                                          General Information

                                                                                                                          Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                          Analysis ID:1438243
                                                                                                                          Start date and time:2024-05-08 14:11:09 +02:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 6m 37s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:5
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:WCDVlB5SDr.exe
                                                                                                                          renamed because original name is a hash value
                                                                                                                          Original Sample Name:e4680b5d58eb24f57fa55432f03bead9.bin.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@1/5@0/1
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 97%
                                                                                                                          • Number of executed functions: 398
                                                                                                                          • Number of non-executed functions: 0
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                          Warnings

                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • VT rate limit hit for: WCDVlB5SDr.exe

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          TimeTypeDescription
                                                                                                                          14:12:43API Interceptor61x Sleep call for process: WCDVlB5SDr.exe modified

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          No context

                                                                                                                          Domains

                                                                                                                          No context

                                                                                                                          ASNs

                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          AMAZON-02USwindows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                                                                                                          • 13.224.14.57
                                                                                                                          windows.10.codec.pack.v2.2.0.setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 3.163.157.45
                                                                                                                          https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4dce00b4-a0e3-4ea4-971a-87159cefdb06Get hashmaliciousUnknownBrowse
                                                                                                                          • 52.89.119.77
                                                                                                                          https://shorturl.at/gjty7Get hashmaliciousUnknownBrowse
                                                                                                                          • 52.95.122.74
                                                                                                                          http://we-conect.ioGet hashmaliciousUnknownBrowse
                                                                                                                          • 3.77.226.233
                                                                                                                          YvPa06OoUd.elfGet hashmaliciousMiraiBrowse
                                                                                                                          • 3.73.168.69
                                                                                                                          TV7RLVOmvl.elfGet hashmaliciousMiraiBrowse
                                                                                                                          • 15.236.15.67
                                                                                                                          g4b2VGmd1s.elfGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.254.182.186
                                                                                                                          X7oMmXD99L.elfGet hashmaliciousMiraiBrowse
                                                                                                                          • 15.184.158.119
                                                                                                                          Forligsmnd.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                          • 76.223.105.230

                                                                                                                          JA3 Fingerprints

                                                                                                                          No context

                                                                                                                          Dropped Files

                                                                                                                          No context

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Users\Public\Desktop\Google Chrome.lnk

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:53 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2104
                                                                                                                          Entropy (8bit):3.450410643824953
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:8S49l2dfTXd3RYrnvPdAKRkdAGdAKRFdAKRE:8SIlOw
                                                                                                                          MD5:B8B0A82D41E89A1A35AF66418527DA86
                                                                                                                          SHA1:FFD290F9BE12E3D1C7F87F8150DDA36A1F6444B9
                                                                                                                          SHA-256:10481726EF1D897F192BAC6E615C85236D9EE2F9A875205E500328CD9EABAA52
                                                                                                                          SHA-512:C1962FD58CE96FF13DBAC8F5348D8F6EFAC65A08689FD8528B3B8037DDE33A4CB3AF263DD227F3C7BCD2462E5742756B0A44F32A50C43B7BFE0A0FC0A367E6D7
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:L..................F.@.. ......,....[.\l.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WCDVlB5SDr.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3274
                                                                                                                          Entropy (8bit):5.3318368586986695
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0
                                                                                                                          MD5:0C1110E9B7BBBCB651A0B7568D796468
                                                                                                                          SHA1:7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA
                                                                                                                          SHA-256:112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2
                                                                                                                          SHA-512:46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                          C:\Users\user\AppData\Local\Temp\Tmp8CDC.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2662
                                                                                                                          Entropy (8bit):7.8230547059446645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                          MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                          SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                          SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                          SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                                                                                          C:\Users\user\AppData\Local\Temp\Tmp8CFC.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2662
                                                                                                                          Entropy (8bit):7.8230547059446645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                          MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                          SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                          SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                          SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Preview:0..b...0.."..*.H..............0...0.....*.H..............0...0.....*.H............0...0...*.H.......0...p.,|.(.............mW.....$|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%..*.X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...|B.d..kr.=G.g.v..f.d.C.?..*.0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2251
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3::
                                                                                                                          MD5:0158FE9CEAD91D1B027B795984737614
                                                                                                                          SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                                                                          SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                                                                          SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Entropy (8bit):7.097878243763229
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                                          • InstallShield setup (43055/19) 0.43%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                          File name:WCDVlB5SDr.exe
                                                                                                                          File size:503'296 bytes
                                                                                                                          MD5:e4680b5d58eb24f57fa55432f03bead9
                                                                                                                          SHA1:57d840b6d22b97d21d942bb6b437dc4a58b790f0
                                                                                                                          SHA256:ad79ea754a43dc0566088a655b0e0ba4e2da15ac4271b0f7bdd026eef70e2450
                                                                                                                          SHA512:79386eb5fa27bc863b510b6cb507ca94e8bdd19dc1d71ceb7ab836908f9853f16f2a00a96e565731dd0a11ca4476a9a2750102ca8298f1b27747daf814b57175
                                                                                                                          SSDEEP:6144:ZO8HpKGKYUI6KW5NMwvQdKdnsxYAd3NWEtfnlpoAu92AHqkNoin4j3OLNChqOhWQ:ZO8Hp8KFdKdnav3N5luA82iDNDnZ3j
                                                                                                                          TLSH:C4B4F00166A0EC3ACE5657728A29D6E05AAEBCF1DBB090CF73543B9F2D7F1D08561312
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!7-seVC eVC eVC ... dVC {.. tVC {.. .VC {.. IVC B.8 `VC eVB .VC {.. dVC {.. dVC {.. dVC RicheVC ................PE..L.....oc...

                                                                                                                          File Icon

                                                                                                                          Icon Hash:6727676787571667

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x40182a
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x636FA8AC [Sat Nov 12 14:07:40 2022 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:5
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:5
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:5
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:787bf087217e36a86da431920ad51f39

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          call 00007FDABC7D4FDFh
                                                                                                                          jmp 00007FDABC7CF68Dh
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                                          test ecx, 00000003h
                                                                                                                          je 00007FDABC7CF836h
                                                                                                                          mov al, byte ptr [ecx]
                                                                                                                          add ecx, 01h
                                                                                                                          test al, al
                                                                                                                          je 00007FDABC7CF860h
                                                                                                                          test ecx, 00000003h
                                                                                                                          jne 00007FDABC7CF801h
                                                                                                                          add eax, 00000000h
                                                                                                                          lea esp, dword ptr [esp+00000000h]
                                                                                                                          lea esp, dword ptr [esp+00000000h]
                                                                                                                          mov eax, dword ptr [ecx]
                                                                                                                          mov edx, 7EFEFEFFh
                                                                                                                          add edx, eax
                                                                                                                          xor eax, FFFFFFFFh
                                                                                                                          xor eax, edx
                                                                                                                          add ecx, 04h
                                                                                                                          test eax, 81010100h
                                                                                                                          je 00007FDABC7CF7FAh
                                                                                                                          mov eax, dword ptr [ecx-04h]
                                                                                                                          test al, al
                                                                                                                          je 00007FDABC7CF844h
                                                                                                                          test ah, ah
                                                                                                                          je 00007FDABC7CF836h
                                                                                                                          test eax, 00FF0000h
                                                                                                                          je 00007FDABC7CF825h
                                                                                                                          test eax, FF000000h
                                                                                                                          je 00007FDABC7CF814h
                                                                                                                          jmp 00007FDABC7CF7DFh
                                                                                                                          lea eax, dword ptr [ecx-01h]
                                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                                          sub eax, ecx
                                                                                                                          ret
                                                                                                                          lea eax, dword ptr [ecx-02h]
                                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                                          sub eax, ecx
                                                                                                                          ret
                                                                                                                          lea eax, dword ptr [ecx-03h]
                                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                                          sub eax, ecx
                                                                                                                          ret
                                                                                                                          lea eax, dword ptr [ecx-04h]
                                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                                          sub eax, ecx
                                                                                                                          ret
                                                                                                                          mov edi, edi
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          sub esp, 20h
                                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                                          push esi
                                                                                                                          push edi
                                                                                                                          push 00000008h
                                                                                                                          pop ecx
                                                                                                                          mov esi, 0040E1FCh
                                                                                                                          lea edi, dword ptr [ebp-20h]
                                                                                                                          rep movsd
                                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                                          mov eax, dword ptr [ebp+0Ch]
                                                                                                                          pop edi
                                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                                          pop esi
                                                                                                                          test eax, eax

                                                                                                                          Rich Headers

                                                                                                                          Programming Language:
                                                                                                                          • [ASM] VS2008 build 21022
                                                                                                                          • [ C ] VS2008 build 21022
                                                                                                                          • [C++] VS2008 build 21022
                                                                                                                          • [IMP] VS2005 build 50727
                                                                                                                          • [RES] VS2008 build 21022
                                                                                                                          • [LNK] VS2008 build 21022

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x6752c0x3c.rdata
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x27260000x11b78.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x66d600x40.rdata
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0xe0000x184.rdata
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x10000xc4330xc60022b224c35bc1a4f35d166c841d8f43deFalse0.6058633207070707data6.550778958653732IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .rdata0xe0000x59df20x59e00b0817b74e3906d5d87f3d8e2410998beFalse0.8447061891515995data7.393177194975046IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .data0x680000x26bd4480x2a00c4094bc6063f317d4c176fce40019c20unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                          .rsrc0x27260000x11b780x11c0023ea6198546329517b0c7f47c051e0eaFalse0.4295499559859155data5.027101400306152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                          CEFUD0x27326a80xbf7ASCII text, with very long lines (3063), with no line terminatorsTurkishTurkey0.5964740450538688
                                                                                                                          YIZIJILUDATETARUNE0x27332a00x3faASCII text, with very long lines (1018), with no line terminatorsTurkishTurkey0.6277013752455796
                                                                                                                          RT_CURSOR0x27336c00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.31023454157782515
                                                                                                                          RT_CURSOR0x27345800x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7368421052631579
                                                                                                                          RT_CURSOR0x27346b00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.06130705394190871
                                                                                                                          RT_ICON0x27266f00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0TurkishTurkey0.4229744136460554
                                                                                                                          RT_ICON0x27275980x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0TurkishTurkey0.5600180505415162
                                                                                                                          RT_ICON0x2727e400x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TurkishTurkey0.6209677419354839
                                                                                                                          RT_ICON0x27285080x568Device independent bitmap graphic, 16 x 32 x 8, image size 0TurkishTurkey0.6604046242774566
                                                                                                                          RT_ICON0x2728a700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TurkishTurkey0.49636929460580914
                                                                                                                          RT_ICON0x272b0180x988Device independent bitmap graphic, 24 x 48 x 32, image size 0TurkishTurkey0.5627049180327869
                                                                                                                          RT_ICON0x272b9a00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TurkishTurkey0.5824468085106383
                                                                                                                          RT_ICON0x272be700xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsTurkishTurkey0.43550106609808104
                                                                                                                          RT_ICON0x272cd180x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsTurkishTurkey0.5532490974729242
                                                                                                                          RT_ICON0x272d5c00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsTurkishTurkey0.5869815668202765
                                                                                                                          RT_ICON0x272dc880x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsTurkishTurkey0.6567919075144508
                                                                                                                          RT_ICON0x272e1f00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600TurkishTurkey0.36607883817427384
                                                                                                                          RT_ICON0x27307980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224TurkishTurkey0.39141651031894936
                                                                                                                          RT_ICON0x27318400x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400TurkishTurkey0.41352459016393445
                                                                                                                          RT_ICON0x27321c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088TurkishTurkey0.4219858156028369
                                                                                                                          RT_STRING0x2736e700x5d0data0.4415322580645161
                                                                                                                          RT_STRING0x27374400x7cdata0.6290322580645161
                                                                                                                          RT_STRING0x27374c00x4d4data0.44741100323624594
                                                                                                                          RT_STRING0x27379980xaedata0.5747126436781609
                                                                                                                          RT_STRING0x2737a480x12adata0.5335570469798657
                                                                                                                          RT_ACCELERATOR0x27336a00x20data1.09375
                                                                                                                          RT_GROUP_CURSOR0x27345680x14data1.25
                                                                                                                          RT_GROUP_CURSOR0x2736c580x22data1.088235294117647
                                                                                                                          RT_GROUP_ICON0x272be080x68dataTurkishTurkey0.7115384615384616
                                                                                                                          RT_GROUP_ICON0x27326300x76dataTurkishTurkey0.6779661016949152
                                                                                                                          RT_VERSION0x2736c800x1ecdata0.5691056910569106

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          KERNEL32.dllSetDefaultCommConfigW, WaitForSingleObject, SetConsoleScreenBufferSize, GetModuleHandleW, GetProcessHeap, GetConsoleAliasesLengthA, SetCommState, GetSystemTimes, LoadLibraryW, GetLocaleInfoW, AssignProcessToJobObject, IsBadCodePtr, lstrcpynW, FindFirstFileExA, InterlockedIncrement, SetLastError, GetProcAddress, GetLongPathNameA, BuildCommDCBW, SetFileApisToOEM, LoadLibraryA, WriteConsoleA, LocalAlloc, SetCurrentDirectoryW, FindAtomA, EnumDateFormatsA, FreeEnvironmentStringsW, GetSystemTime, SetFileAttributesW, GetVolumeInformationW, GetCurrentDirectoryW, EnumCalendarInfoA, GetLastError, HeapReAlloc, HeapAlloc, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, VirtualAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, MultiByteToWideChar, InitializeCriticalSectionAndSpinCount, HeapSize, SetStdHandle, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, ReadFile, CreateFileA, CloseHandle
                                                                                                                          ADVAPI32.dllReadEventLogW

                                                                                                                          Possible Origin

                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                          TurkishTurkey

                                                                                                                          Network Behavior

                                                                                                                          Snort IDS Alerts

                                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                          05/08/24-14:12:52.401835TCP2043231ET TROJAN Redline Stealer TCP CnC Activity497128649192.168.2.515.165.134.129
                                                                                                                          05/08/24-14:12:34.472591TCP2046045ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)497128649192.168.2.515.165.134.129
                                                                                                                          05/08/24-14:12:34.818962TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response86494971215.165.134.129192.168.2.5
                                                                                                                          05/08/24-14:12:40.779191TCP2046056ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)86494971215.165.134.129192.168.2.5

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          May 8, 2024 14:12:33.000870943 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:33.345294952 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:33.345395088 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:33.452189922 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:33.795492887 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:33.841077089 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:34.472590923 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:34.818962097 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:34.870486975 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:40.433851957 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:40.779191017 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:40.779217005 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:40.779230118 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:40.779237986 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:40.779246092 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:40.779360056 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:41.118989944 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:41.462723017 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.511122942 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:41.540515900 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:41.883853912 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.883876085 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.883893013 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.883898973 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.883903980 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:41.884150028 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:42.227150917 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:42.227992058 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:42.240546942 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:42.583869934 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:42.590615988 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:42.933801889 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:42.978770018 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:43.325191975 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:43.370470047 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:47.244199038 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:47.589867115 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:47.598026037 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:47.947314978 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:47.963021040 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:48.308455944 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.412688017 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:48.755878925 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.755902052 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.755913973 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.755925894 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.755939007 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.755949974 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756006956 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756019115 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756059885 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756078005 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756088018 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:48.756129026 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.756196976 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:48.803491116 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:48.806247950 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.103180885 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103204966 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103215933 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103226900 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103240967 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103251934 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103264093 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103275061 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103285074 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103296041 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103296041 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.103307962 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103346109 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103358984 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103370905 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103379965 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.103382111 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103482008 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103492022 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103502035 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103513002 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103523970 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103576899 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.103616953 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103626013 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.103629112 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.103641033 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.150156021 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447371960 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447400093 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447413921 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447424889 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447437048 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447451115 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447459936 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447470903 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447484016 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447495937 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447506905 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447516918 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447530031 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447541952 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447552919 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447721004 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447735071 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447745085 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447756052 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447766066 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447772026 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.447781086 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447791100 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447802067 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447813034 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447824955 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447843075 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447889090 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.447895050 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447909117 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447921038 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447978020 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.447988987 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448003054 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448069096 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448080063 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448091984 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448136091 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448147058 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.448319912 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.448391914 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.793793917 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793812990 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793824911 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793834925 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793840885 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793858051 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793869972 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793925047 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.793961048 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794423103 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794436932 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794492006 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794504881 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794564009 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794576883 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794631958 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794645071 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794660091 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794713974 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794745922 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794756889 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.794800997 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797022104 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797043085 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797121048 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797154903 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797204971 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797218084 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797230959 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797290087 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797307968 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.797350883 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797388077 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.797884941 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797895908 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797907114 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.797933102 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798010111 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798019886 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798072100 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798096895 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798132896 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798193932 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798207045 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798232079 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798295975 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.798343897 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.799967051 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.799994946 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.800029039 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:49.800234079 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:49.800308943 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.140377045 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140403986 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140415907 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140427113 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140438080 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140449047 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140459061 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140467882 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140618086 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140628099 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140640020 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140650988 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140661955 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140672922 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140683889 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140783072 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140794039 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140803099 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140842915 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140894890 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140925884 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.140965939 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.143975019 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.143987894 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.143997908 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144009113 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144018888 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144031048 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144042015 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144224882 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.144277096 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144321918 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.144438028 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144481897 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144491911 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144503117 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144512892 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144525051 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144536018 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144546032 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144556999 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144567013 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144581079 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144592047 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144602060 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144612074 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144623995 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.144794941 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.144851923 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.489371061 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489392996 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489403963 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489869118 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489927053 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489984035 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.489994049 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490015030 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490076065 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490111113 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490123034 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490187883 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490250111 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490305901 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490346909 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490355968 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490458012 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490518093 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.490528107 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492048979 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492089033 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492105961 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492479086 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.492578983 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.492681980 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492746115 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492767096 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492832899 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492842913 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492898941 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492908001 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492955923 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.492990017 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493030071 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493062973 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493072987 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493130922 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493197918 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493207932 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493259907 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.493280888 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.494890928 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.494940042 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.494951963 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.494962931 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.495151043 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:50.835517883 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835540056 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835555077 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835566998 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835577965 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835589886 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835601091 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835612059 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835664034 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835675001 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835861921 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835931063 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835942984 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835954905 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835967064 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835978031 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.835990906 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836003065 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836014032 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836031914 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836045027 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836056948 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836070061 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836081982 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836093903 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836147070 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836158037 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836199999 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.836211920 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838062048 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838138103 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838150978 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838221073 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838232040 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838251114 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838262081 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838361025 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838372946 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838383913 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838397026 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838445902 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838457108 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838531017 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838542938 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838557005 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838610888 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838623047 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838635921 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838716984 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.838728905 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.840303898 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:50.852473021 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:51.183007002 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:51.196777105 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:51.245462894 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:51.369196892 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:51.526721954 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:51.698807955 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:51.712491989 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:51.713195086 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.041781902 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:52.042319059 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.056453943 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:52.057214022 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.387862921 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:52.401834965 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.405544996 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:52.448574066 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.457417011 CEST497128649192.168.2.515.165.134.129
                                                                                                                          May 8, 2024 14:12:52.744818926 CEST86494971215.165.134.129192.168.2.5
                                                                                                                          May 8, 2024 14:12:52.744981050 CEST497128649192.168.2.515.165.134.129

                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          System Behavior

                                                                                                                          General

                                                                                                                          Target ID:0
                                                                                                                          Start time:14:11:53
                                                                                                                          Start date:08/05/2024
                                                                                                                          Path:C:\Users\user\Desktop\WCDVlB5SDr.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\WCDVlB5SDr.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:503'296 bytes
                                                                                                                          MD5 hash:E4680B5D58EB24F57FA55432F03BEAD9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000003.2294050534.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.3231372992.0000000004DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.3230436235.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.3235147872.0000000007280000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.2295293778.0000000007181000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.3235317280.0000000007AD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:false

                                                                                                                          Disassembly

                                                                                                                          Reset < >

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:10.4%
                                                                                                                            Dynamic/Decrypted Code Coverage:38%
                                                                                                                            Signature Coverage:21.1%
                                                                                                                            Total number of Nodes:266
                                                                                                                            Total number of Limit Nodes:30
                                                                                                                            execution_graph 109624 8133bb0 109625 8133c48 CreateWindowExW 109624->109625 109627 8133d86 109625->109627 109627->109627 109628 30e78a8 109629 30e7881 109628->109629 109630 30e7855 109629->109630 109632 8202afe 109629->109632 109636 820dee8 109632->109636 109634 8202b2c 109637 820df0f 109636->109637 109640 820dff0 109637->109640 109641 820e039 VirtualProtect 109640->109641 109643 8201b94 109641->109643 109643->109632 109643->109634 109654 30eccc8 109655 30eccdc 109654->109655 109657 30ecd01 109655->109657 109658 30ec6f8 109655->109658 109659 30eced0 LoadLibraryExW 109658->109659 109661 30ecf8c 109659->109661 109661->109657 109695 820ecc8 109697 820ecef 109695->109697 109696 820edcc 109697->109696 109699 820e924 109697->109699 109700 820fd80 CreateActCtxA 109699->109700 109702 820fe86 109700->109702 109703 2bd70d4 109704 2bd70e9 109703->109704 109707 2bd79de 109704->109707 109708 2bd79ed 109707->109708 109711 2bd817e 109708->109711 109716 2bd8199 109711->109716 109712 2bd81a2 CreateToolhelp32Snapshot 109713 2bd81be Module32First 109712->109713 109712->109716 109714 2bd81cd 109713->109714 109717 2bd79dd 109713->109717 109718 2bd7e3d 109714->109718 109716->109712 109716->109713 109719 2bd7e68 109718->109719 109720 2bd7e79 VirtualAlloc 109719->109720 109721 2bd7eb1 109719->109721 109720->109721 109721->109721 109662 2f0003c 109663 2f00049 109662->109663 109677 2f00e0f SetErrorMode SetErrorMode 109663->109677 109668 2f00265 109669 2f002ce VirtualProtect 109668->109669 109671 2f0030b 109669->109671 109670 2f00439 VirtualFree 109674 2f004be 109670->109674 109675 2f005f4 LoadLibraryA 109670->109675 109671->109670 109672 2f004e3 LoadLibraryA 109672->109674 109674->109672 109674->109675 109676 2f008c7 109675->109676 109678 2f00223 109677->109678 109679 2f00d90 109678->109679 109680 2f00dad 109679->109680 109681 2f00238 VirtualAlloc 109680->109681 109682 2f00dbb GetPEB 109680->109682 109681->109668 109682->109681 109370 30ef000 DuplicateHandle 109371 30ef0dd 109370->109371 109372 820e2b0 109373 820e2f4 FindCloseChangeNotification 109372->109373 109375 820e340 109373->109375 109376 308d01c 109377 308d034 109376->109377 109378 308d08e 109377->109378 109383 8133e42 109377->109383 109387 8132f8c 109377->109387 109391 8134c6a 109377->109391 109395 8133e48 109377->109395 109384 8133e6e 109383->109384 109385 8132f8c CallWindowProcW 109384->109385 109386 8133e8f 109385->109386 109386->109378 109388 8132f97 109387->109388 109390 8134cc9 109388->109390 109399 81330b4 CallWindowProcW 109388->109399 109392 8134ca5 109391->109392 109394 8134cc9 109392->109394 109400 81330b4 CallWindowProcW 109392->109400 109396 8133e6e 109395->109396 109397 8132f8c CallWindowProcW 109396->109397 109398 8133e8f 109397->109398 109398->109378 109399->109390 109400->109394 109644 30eedb8 109645 30eedfe GetCurrentProcess 109644->109645 109647 30eee49 109645->109647 109648 30eee50 GetCurrentThread 109645->109648 109647->109648 109649 30eee8d GetCurrentProcess 109648->109649 109650 30eee86 109648->109650 109651 30eeec3 GetCurrentThreadId 109649->109651 109650->109649 109653 30eef1c 109651->109653 109683 30ecbd8 109684 30ecc3d GetModuleHandleW 109683->109684 109685 30ecc2b 109683->109685 109686 30ecc7c 109684->109686 109685->109684 109687 8136245 109688 81362e3 109687->109688 109689 8136286 109687->109689 109688->109689 109690 8136362 109688->109690 109691 813640c 109688->109691 109693 81363ba CallWindowProcW 109690->109693 109694 8136369 109690->109694 109692 8132f8c CallWindowProcW 109691->109692 109692->109694 109693->109694 109401 40cbdd 109402 40cbe9 _fseek 109401->109402 109445 40d534 HeapCreate 109402->109445 109405 40cc46 109506 41087e 71 API calls 8 library calls 109405->109506 109408 40cc4c 109409 40cc50 109408->109409 109410 40cc58 __RTC_Initialize 109408->109410 109507 40cbb4 62 API calls 3 library calls 109409->109507 109447 411a15 67 API calls 3 library calls 109410->109447 109412 40cc57 109412->109410 109414 40cc66 109415 40cc72 GetCommandLineA 109414->109415 109416 40cc6a 109414->109416 109448 412892 71 API calls 3 library calls 109415->109448 109508 40e79a 62 API calls 3 library calls 109416->109508 109419 40cc71 109419->109415 109420 40cc82 109509 4127d7 107 API calls 3 library calls 109420->109509 109422 40cc8c 109423 40cc90 109422->109423 109424 40cc98 109422->109424 109510 40e79a 62 API calls 3 library calls 109423->109510 109449 41255f 106 API calls 6 library calls 109424->109449 109427 40cc97 109427->109424 109428 40cc9d 109429 40cca1 109428->109429 109430 40cca9 109428->109430 109511 40e79a 62 API calls 3 library calls 109429->109511 109450 40e859 73 API calls 5 library calls 109430->109450 109433 40ccb0 109435 40ccb5 109433->109435 109436 40ccbc 109433->109436 109434 40cca8 109434->109430 109512 40e79a 62 API calls 3 library calls 109435->109512 109451 4019f0 OleInitialize 109436->109451 109439 40ccbb 109439->109436 109440 40ccd8 109441 40ccea 109440->109441 109513 40ea0a 62 API calls _doexit 109440->109513 109514 40ea36 62 API calls _doexit 109441->109514 109444 40ccef _fseek 109446 40cc3a 109445->109446 109446->109405 109505 40cbb4 62 API calls 3 library calls 109446->109505 109447->109414 109448->109420 109449->109428 109450->109433 109452 401ab9 109451->109452 109515 40b99e 109452->109515 109454 401abf 109455 401acd GetCurrentProcessId CreateToolhelp32Snapshot Module32First 109454->109455 109481 402467 109454->109481 109456 401dc3 FindCloseChangeNotification GetModuleHandleA 109455->109456 109464 401c55 109455->109464 109528 401650 109456->109528 109458 401e8b FindResourceA LoadResource LockResource SizeofResource 109530 40b84d 109458->109530 109462 401c9c CloseHandle 109462->109440 109463 401ecb _memset 109465 401efc SizeofResource 109463->109465 109464->109462 109468 401cf9 Module32Next 109464->109468 109466 401f1c 109465->109466 109467 401f5f 109465->109467 109466->109467 109586 401560 __VEC_memcpy __cftoe2_l 109466->109586 109470 401f92 _memset 109467->109470 109587 401560 __VEC_memcpy __cftoe2_l 109467->109587 109468->109456 109473 401d0f 109468->109473 109472 401fa2 FreeResource 109470->109472 109474 40b84d _malloc 62 API calls 109472->109474 109473->109462 109480 401dad Module32Next 109473->109480 109475 401fbb SizeofResource 109474->109475 109476 401fe5 _memset 109475->109476 109477 4020aa LoadLibraryA 109476->109477 109478 401650 109477->109478 109479 40216c GetProcAddress 109478->109479 109479->109481 109482 4021aa 109479->109482 109480->109456 109480->109473 109481->109440 109482->109481 109560 4018f0 109482->109560 109484 40243f 109484->109481 109588 40b6b5 62 API calls _fseek 109484->109588 109486 4021f1 109486->109484 109572 401870 109486->109572 109488 402269 VariantInit 109489 401870 75 API calls 109488->109489 109490 40228b VariantInit 109489->109490 109491 4022a7 109490->109491 109492 4022d9 SafeArrayCreate SafeArrayAccessData 109491->109492 109577 40b350 109492->109577 109495 40232c 109496 402354 SafeArrayDestroy 109495->109496 109504 40235b 109495->109504 109496->109504 109497 402392 SafeArrayCreateVector 109498 4023a4 109497->109498 109499 4023bc VariantClear VariantClear 109498->109499 109579 4019a0 109499->109579 109502 40242e 109503 4019a0 65 API calls 109502->109503 109503->109484 109504->109497 109505->109405 109506->109408 109507->109412 109508->109419 109509->109422 109510->109427 109511->109434 109512->109439 109513->109441 109514->109444 109518 40b9aa _fseek _strnlen 109515->109518 109516 40b9b8 109589 40bfc1 62 API calls __getptd_noexit 109516->109589 109518->109516 109521 40b9ec 109518->109521 109519 40b9bd 109590 40e744 6 API calls 2 library calls 109519->109590 109591 40d6e0 62 API calls 2 library calls 109521->109591 109523 40b9f3 109592 40b917 120 API calls 3 library calls 109523->109592 109525 40b9cd _fseek 109525->109454 109526 40b9ff 109593 40ba18 LeaveCriticalSection _doexit 109526->109593 109529 4017cc ___crtGetEnvironmentStringsA 109528->109529 109529->109458 109531 40b900 109530->109531 109542 40b85f 109530->109542 109601 40d2e3 6 API calls __decode_pointer 109531->109601 109533 40b906 109602 40bfc1 62 API calls __getptd_noexit 109533->109602 109536 401ebf 109548 40af66 109536->109548 109539 40b8bc RtlAllocateHeap 109539->109542 109540 40b870 109540->109542 109594 40ec4d 62 API calls 2 library calls 109540->109594 109595 40eaa2 62 API calls 7 library calls 109540->109595 109596 40e7ee GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 109540->109596 109542->109536 109542->109539 109542->109540 109543 40b8ec 109542->109543 109546 40b8f1 109542->109546 109597 40b7fe 62 API calls 4 library calls 109542->109597 109598 40d2e3 6 API calls __decode_pointer 109542->109598 109599 40bfc1 62 API calls __getptd_noexit 109543->109599 109600 40bfc1 62 API calls __getptd_noexit 109546->109600 109550 40af70 109548->109550 109549 40b84d _malloc 62 API calls 109549->109550 109550->109549 109551 40af8a 109550->109551 109553 40af8c std::bad_alloc::bad_alloc 109550->109553 109603 40d2e3 6 API calls __decode_pointer 109550->109603 109551->109463 109559 40afb2 109553->109559 109604 40d2bd 73 API calls __cinit 109553->109604 109555 40afbc 109606 40cd39 RaiseException 109555->109606 109558 40afca 109605 40af49 62 API calls std::exception::exception 109559->109605 109561 401903 lstrlenA 109560->109561 109562 4018fc 109560->109562 109607 4017e0 109561->109607 109562->109486 109565 401940 GetLastError 109567 40194b MultiByteToWideChar 109565->109567 109568 40198d 109565->109568 109566 401996 109566->109486 109569 4017e0 72 API calls 109567->109569 109568->109566 109615 401030 GetLastError 109568->109615 109570 401970 MultiByteToWideChar 109569->109570 109570->109568 109573 40af66 74 API calls 109572->109573 109574 40187c 109573->109574 109575 401885 SysAllocString 109574->109575 109576 4018a4 109574->109576 109575->109576 109576->109488 109578 40231a SafeArrayUnaccessData 109577->109578 109578->109495 109580 4019aa InterlockedDecrement 109579->109580 109585 4019df VariantClear 109579->109585 109581 4019b8 109580->109581 109580->109585 109582 4019c2 SysFreeString 109581->109582 109583 4019c9 109581->109583 109581->109585 109582->109583 109619 40aec0 63 API calls _fseek 109583->109619 109585->109502 109586->109466 109587->109470 109588->109481 109589->109519 109591->109523 109592->109526 109593->109525 109594->109540 109595->109540 109597->109542 109598->109542 109599->109546 109600->109536 109601->109533 109602->109536 109603->109550 109604->109559 109605->109555 109606->109558 109608 4017e9 109607->109608 109612 401844 109608->109612 109613 40182d 109608->109613 109616 40b783 72 API calls 4 library calls 109608->109616 109614 40186d MultiByteToWideChar 109612->109614 109618 40b743 62 API calls 2 library calls 109612->109618 109613->109612 109617 40b6b5 62 API calls _fseek 109613->109617 109614->109565 109614->109566 109616->109613 109617->109612 109618->109612 109619->109585 109620 30e0890 109621 30e08b1 109620->109621 109622 30e0a8e LdrInitializeThunk 109621->109622 109623 30e0ab6 109621->109623 109622->109621

                                                                                                                            Executed Functions

                                                                                                                            Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747comprocessCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 4019f0-401ac7 OleInitialize call 401650 call 40b99e 5 40248a-402496 0->5 6 401acd-401c4f GetCurrentProcessId CreateToolhelp32Snapshot Module32First 0->6 7 401dc3-401ed4 FindCloseChangeNotification GetModuleHandleA call 401650 FindResourceA LoadResource LockResource SizeofResource call 40b84d call 40af66 6->7 8 401c55-401c6c call 401650 6->8 27 401ed6-401eed call 40ba30 7->27 28 401eef 7->28 14 401c73-401c77 8->14 16 401c93-401c95 14->16 17 401c79-401c7b 14->17 18 401c98-401c9a 16->18 20 401c7d-401c83 17->20 21 401c8f-401c91 17->21 22 401cb0-401cce call 401650 18->22 23 401c9c-401caf CloseHandle 18->23 20->16 25 401c85-401c8d 20->25 21->18 33 401cd0-401cd4 22->33 25->14 25->21 31 401ef3-401f1a call 401300 SizeofResource 27->31 28->31 38 401f1c-401f2f 31->38 39 401f5f-401f69 31->39 36 401cf0-401cf2 33->36 37 401cd6-401cd8 33->37 42 401cf5-401cf7 36->42 40 401cda-401ce0 37->40 41 401cec-401cee 37->41 43 401f33-401f5d call 401560 38->43 44 401f73-401f75 39->44 45 401f6b-401f72 39->45 40->36 46 401ce2-401cea 40->46 41->42 42->23 47 401cf9-401d09 Module32Next 42->47 43->39 49 401f92-4021a4 call 40ba30 FreeResource call 40b84d SizeofResource call 40ac60 call 40ba30 call 401650 LoadLibraryA call 401650 GetProcAddress 44->49 50 401f77-401f8d call 401560 44->50 45->44 46->33 46->41 47->7 51 401d0f 47->51 49->5 86 4021aa-4021c0 49->86 50->49 55 401d10-401d2e call 401650 51->55 60 401d30-401d34 55->60 63 401d50-401d52 60->63 64 401d36-401d38 60->64 68 401d55-401d57 63->68 66 401d3a-401d40 64->66 67 401d4c-401d4e 64->67 66->63 70 401d42-401d4a 66->70 67->68 68->23 71 401d5d-401d7b call 401650 68->71 70->60 70->67 77 401d80-401d84 71->77 79 401da0-401da2 77->79 80 401d86-401d88 77->80 81 401da5-401da7 79->81 83 401d8a-401d90 80->83 84 401d9c-401d9e 80->84 81->23 85 401dad-401dbd Module32Next 81->85 83->79 87 401d92-401d9a 83->87 84->81 85->7 85->55 89 4021c6-4021ca 86->89 90 40246a-402470 86->90 87->77 87->84 89->90 93 4021d0-402217 call 4018f0 89->93 91 402472-402475 90->91 92 40247a-402480 90->92 91->92 92->5 94 402482-402487 92->94 98 40221d-40223d 93->98 99 40244f-40245f 93->99 94->5 98->99 103 402243-402251 98->103 99->90 100 402461-402467 call 40b6b5 99->100 100->90 103->99 106 402257-4022b7 call 401870 VariantInit call 401870 VariantInit call 4018d0 103->106 114 4022c3-40232a call 4018d0 SafeArrayCreate SafeArrayAccessData call 40b350 SafeArrayUnaccessData 106->114 115 4022b9-4022be call 40ad90 106->115 122 402336-40234d call 4018d0 114->122 123 40232c-402331 call 40ad90 114->123 115->114 152 40234e call 2d1d005 122->152 153 40234e call 2d1d01d 122->153 123->122 127 402350-402352 128 402354-402355 SafeArrayDestroy 127->128 129 40235b-402361 127->129 128->129 130 402363-402368 call 40ad90 129->130 131 40236d-402375 129->131 130->131 133 402377-402379 131->133 134 40237b 131->134 135 40237d-40238f call 4018d0 133->135 134->135 154 402390 call 2d1d005 135->154 155 402390 call 2d1d01d 135->155 138 402392-4023a2 SafeArrayCreateVector 139 4023a4-4023a9 call 40ad90 138->139 140 4023ae-4023b4 138->140 139->140 142 4023b6-4023b8 140->142 143 4023ba 140->143 144 4023bc-402417 VariantClear * 2 call 4019a0 142->144 143->144 146 40241c-40242c VariantClear 144->146 147 402436-402445 call 4019a0 146->147 148 40242e-402433 146->148 147->99 151 402447-40244c 147->151 148->147 151->99 152->127 153->127 154->138 155->138
                                                                                                                            APIs
                                                                                                                            • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                            • _getenv.LIBCMT ref: 00401ABA
                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                            • Module32First.KERNEL32 ref: 00401C48
                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                                                                            • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                            • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
                                                                                                                            • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                            • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                            • _malloc.LIBCMT ref: 00401EBA
                                                                                                                            • _memset.LIBCMT ref: 00401EDD
                                                                                                                            • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000042B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                            • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                            • API String ID: 2366190142-2962942730
                                                                                                                            • Opcode ID: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                            • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                            • Opcode Fuzzy Hash: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                            • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                            Function 088C1E01 Relevance: 5.3, Strings: 4, Instructions: 343COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 54'O$X,0$i>bp$p<0
                                                                                                                            • API String ID: 0-2991108001
                                                                                                                            • Opcode ID: b832c9f955b168a10634ae5f29b3b7a29e17dd0ae14ae79a6cb8a48801ffd53d
                                                                                                                            • Instruction ID: 24867354c710877edb3f201bf7f2e814fffffcba660493ad446781a0b11feab8
                                                                                                                            • Opcode Fuzzy Hash: b832c9f955b168a10634ae5f29b3b7a29e17dd0ae14ae79a6cb8a48801ffd53d
                                                                                                                            • Instruction Fuzzy Hash: CCF10934D00218CFCB58DFB4D965A9DBBB6FF8A301F1081AAD41AAB394DB319985CF51
                                                                                                                            Function 08138F0A Relevance: 4.0, Strings: 3, Instructions: 209COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: S*kM$rz}$=jx
                                                                                                                            • API String ID: 0-4113506222
                                                                                                                            • Opcode ID: 381804b88ea88e8b23fcebcbcde410329087f22a437d496d4e81a7739b332133
                                                                                                                            • Instruction ID: 97ac74ca342b7aea42b8fab3b58660adb330673c0262eca948911684e9b5a925
                                                                                                                            • Opcode Fuzzy Hash: 381804b88ea88e8b23fcebcbcde410329087f22a437d496d4e81a7739b332133
                                                                                                                            • Instruction Fuzzy Hash: C2911174A412089FDB45DFB8E965AAE7BF2FF88305F104069E809AB395CB389C45CF51
                                                                                                                            Function 08138F18 Relevance: 4.0, Strings: 3, Instructions: 204COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: S*kM$rz}$=jx
                                                                                                                            • API String ID: 0-4113506222
                                                                                                                            • Opcode ID: b404b7d3d05fa1f1c9754e2a7e13fbf99360a588fc7db42071e36062d98467c5
                                                                                                                            • Instruction ID: bf833c7a84a0e697f739eba2f99d196a0c111a9d55201f06aba13dfb7d50ccf0
                                                                                                                            • Opcode Fuzzy Hash: b404b7d3d05fa1f1c9754e2a7e13fbf99360a588fc7db42071e36062d98467c5
                                                                                                                            • Instruction Fuzzy Hash: 78910074A412089FDB44DFA8E965AAEBBF2FF88305F104069E809AB395CB349C45CF51
                                                                                                                            Function 0960E350 Relevance: 3.5, Strings: 2, Instructions: 1023COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: tJ[$tJ[
                                                                                                                            • API String ID: 0-2017738485
                                                                                                                            • Opcode ID: b5e013c56f5da39d9c28707a445ac2fe67e556dc8e76f35dfef4b43e7295cff0
                                                                                                                            • Instruction ID: e4106aa4b494e3d9028d5932d2f0f0a3c2b050b359e7f6d53bfd4795b0e3723e
                                                                                                                            • Opcode Fuzzy Hash: b5e013c56f5da39d9c28707a445ac2fe67e556dc8e76f35dfef4b43e7295cff0
                                                                                                                            • Instruction Fuzzy Hash: 0B927B30A002548FDB19DF78D4A476EBBB2BFC4300F1489A9E449AB395DB75EC86CB51
                                                                                                                            Function 0960F850 Relevance: 3.1, Strings: 2, Instructions: 598COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq$Hnq
                                                                                                                            • API String ID: 0-3116299003
                                                                                                                            • Opcode ID: 7e11e517af4e4d01098aa82635f015f43c715386e2ec9c202b2a2d0d9b101b60
                                                                                                                            • Instruction ID: 3d28ba804f4cb8c298c311bcad3ba46888b2b66ba19166f623d592916606ad39
                                                                                                                            • Opcode Fuzzy Hash: 7e11e517af4e4d01098aa82635f015f43c715386e2ec9c202b2a2d0d9b101b60
                                                                                                                            • Instruction Fuzzy Hash: DC22D330B002459FCB15DFB8D4646AEBBB2AFC9300F1485AAE805EB391DB35DD46CB91
                                                                                                                            Function 030E78A8 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4'jq
                                                                                                                            • API String ID: 0-1204115232
                                                                                                                            • Opcode ID: cee5116e7d4b46951c98fd275b574dbcd0e826511c0e19c3e6c20331c223c947
                                                                                                                            • Instruction ID: bf18e979057ad3bcc3d8ffae182c54910b76453c0262b513ff1bdef3336fd698
                                                                                                                            • Opcode Fuzzy Hash: cee5116e7d4b46951c98fd275b574dbcd0e826511c0e19c3e6c20331c223c947
                                                                                                                            • Instruction Fuzzy Hash: 98711674A416089FDB48EFAAF94569ABFE6FF98301F14C12AD0099B364DF385906CF50
                                                                                                                            Function 096220A8 Relevance: 2.3, Strings: 1, Instructions: 1075COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (n\
                                                                                                                            • API String ID: 0-1767445531
                                                                                                                            • Opcode ID: a42ab1caff65955770cad614e8fb8302f817235cd7a6ffdbd449879ae3e29d5f
                                                                                                                            • Instruction ID: 5f0fc620f273e5f18416c9c3afc827325efe7c7a0d8c1c8110a0de373469addc
                                                                                                                            • Opcode Fuzzy Hash: a42ab1caff65955770cad614e8fb8302f817235cd7a6ffdbd449879ae3e29d5f
                                                                                                                            • Instruction Fuzzy Hash: 93929E70A006159FCB18DF69D494A6EBBF6FF88310F108568E9169B3A4DB34EC45CF91
                                                                                                                            Function 09620040 Relevance: 2.0, Strings: 1, Instructions: 753COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $f\
                                                                                                                            • API String ID: 0-765262363
                                                                                                                            • Opcode ID: 2cc4b7b034cb1ba2debd899a1f79c40958295bd0c97cc6139835e265f0bb6a8a
                                                                                                                            • Instruction ID: 8a4ad16be501ce420aaf354c9cb26a11a684ace45cd5171ca56c5e2eba468c4a
                                                                                                                            • Opcode Fuzzy Hash: 2cc4b7b034cb1ba2debd899a1f79c40958295bd0c97cc6139835e265f0bb6a8a
                                                                                                                            • Instruction Fuzzy Hash: 18622C74B002588FCB54DF65D998BADBBB2FF88300F1084A9E90AA7395DB349D85CF51
                                                                                                                            Function 09604F00 Relevance: 1.9, Strings: 1, Instructions: 628COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: 13cd3fe33c773d0d5fe74ed47b552f0f48347ed00addb4575e4f76032658e1b2
                                                                                                                            • Instruction ID: 4244945d49475f09a6c3ecc4e0d1aa5f948127a738b04081ca14b9da48d5b960
                                                                                                                            • Opcode Fuzzy Hash: 13cd3fe33c773d0d5fe74ed47b552f0f48347ed00addb4575e4f76032658e1b2
                                                                                                                            • Instruction Fuzzy Hash: 53329C34A012458FCB18DF69D4A4AAEBBF2BF88310F1484AAE806D7391DB34DD45CF91
                                                                                                                            Function 030E0890 Relevance: 1.8, APIs: 1, Instructions: 285libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 05ba3a4a5e2cc02823f6573caf43ee43a091d8a90c0065bd5cde22d53ec45cf0
                                                                                                                            • Instruction ID: f2e12be711494133446eec8cd1fa69f3af5f140d374c2829b1d26aa878969273
                                                                                                                            • Opcode Fuzzy Hash: 05ba3a4a5e2cc02823f6573caf43ee43a091d8a90c0065bd5cde22d53ec45cf0
                                                                                                                            • Instruction Fuzzy Hash: 3EB127387505008FD784DF39C998A29BBE6FF88714B2585A9E50ACB3B5DB71EC01CB80
                                                                                                                            Function 081DB6D0 Relevance: 1.8, Strings: 1, Instructions: 528COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $jq
                                                                                                                            • API String ID: 0-2886413773
                                                                                                                            • Opcode ID: b6c2ccfb4aa7baa5b369acc30818c2dcb8f99e3005a506a8151fb4c02a877d23
                                                                                                                            • Instruction ID: 9e9a5c9132009b8089075945e1e47b695d22898436fda6eb2f57233ea7507ee7
                                                                                                                            • Opcode Fuzzy Hash: b6c2ccfb4aa7baa5b369acc30818c2dcb8f99e3005a506a8151fb4c02a877d23
                                                                                                                            • Instruction Fuzzy Hash: 78127B74B002058FCB14DF69D594AAEBBF6BF88711B158169D806EB365DB30EC42CBA0
                                                                                                                            Function 09623B58 Relevance: 1.6, Strings: 1, Instructions: 339COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ^\
                                                                                                                            • API String ID: 0-581937200
                                                                                                                            • Opcode ID: 76cf9de2d10f817e9e6bdc358fa106b48fae43f773c2796bb85e8f031a2ed7ca
                                                                                                                            • Instruction ID: 8d31a27bdd6e87a4413afc7291fa64cec9cd5e86af9921270c6512417ce5ca35
                                                                                                                            • Opcode Fuzzy Hash: 76cf9de2d10f817e9e6bdc358fa106b48fae43f773c2796bb85e8f031a2ed7ca
                                                                                                                            • Instruction Fuzzy Hash: BED14574B006159FCB14DF69E584969BBF6FF88710B248469E806EB364DB38ED42CF90
                                                                                                                            Function 096526EC Relevance: 1.5, Strings: 1, Instructions: 240COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: 297f5860b5340aeb6bd597221fc4e4f0501d777286cd7638e83eafa08dfc2a6d
                                                                                                                            • Instruction ID: 30cfdea171c63c4cd3e5571e512f423e50c74848807632dbf1586e56ffd658de
                                                                                                                            • Opcode Fuzzy Hash: 297f5860b5340aeb6bd597221fc4e4f0501d777286cd7638e83eafa08dfc2a6d
                                                                                                                            • Instruction Fuzzy Hash: 20A12A34A00219DFDB14DF65D894B9DBBB6FF88304F1481AAE806A7365EF70A985CF50
                                                                                                                            Function 0962D668 Relevance: .7, Instructions: 718COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f292972d5dddca886750699682d2bd19b7293203fce7e384321f5215f8be1a6e
                                                                                                                            • Instruction ID: b4e6c72679afda768a1c7a0900b87c0532bc314fdf16c9c4f1ec881fce2845aa
                                                                                                                            • Opcode Fuzzy Hash: f292972d5dddca886750699682d2bd19b7293203fce7e384321f5215f8be1a6e
                                                                                                                            • Instruction Fuzzy Hash: 2842BD34B047509FC7199F79A464A6EBBE6FF89300F1584AAE806CB395DE34DC02CB91
                                                                                                                            Function 09629248 Relevance: .6, Instructions: 615COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 940c2a8f7456eb188f6d57b7f0c20c7d0684429325434415b8eb8202a165cff6
                                                                                                                            • Instruction ID: b58e80c6c704377a412442effec86024672a8e5b7214895be0a971b5eb71f8ad
                                                                                                                            • Opcode Fuzzy Hash: 940c2a8f7456eb188f6d57b7f0c20c7d0684429325434415b8eb8202a165cff6
                                                                                                                            • Instruction Fuzzy Hash: 30229B30B003519FCB689F79A46872E7BE6BBC8340F144869E846CB7D5DE34DC468B92
                                                                                                                            Function 081DDF65 Relevance: .6, Instructions: 554COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c6ce9a15a24deb17cf1452128e7639539de37c8334b26177df1e0b3fac60d669
                                                                                                                            • Instruction ID: 04e87b511191423ceccada08743636809354be55da299ddc82932c78b6a60169
                                                                                                                            • Opcode Fuzzy Hash: c6ce9a15a24deb17cf1452128e7639539de37c8334b26177df1e0b3fac60d669
                                                                                                                            • Instruction Fuzzy Hash: 66228D71A003059FCB15DF68D880B9EBBF6EF84312F1585A9E405DB2A5DB34ED46CBA0
                                                                                                                            Function 08138610 Relevance: .5, Instructions: 524COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d3881693122a690e5adad7c21eeb263e1303c578678e200363fd59b666a9167
                                                                                                                            • Instruction ID: bb356582b5f9814b602abb3f2d3916653d4fefe07f1b2e60e9e84322e904e1d9
                                                                                                                            • Opcode Fuzzy Hash: 0d3881693122a690e5adad7c21eeb263e1303c578678e200363fd59b666a9167
                                                                                                                            • Instruction Fuzzy Hash: 423203B4901228DFDB65DF64D944BDABBB2FF49301F0080E9E509AB2A1DB359E85CF50
                                                                                                                            Function 09657738 Relevance: .4, Instructions: 385COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be7364a1ca60324c4aa6eada1199ab7363ebbaa9551d5d21f3d32f3226aa08cc
                                                                                                                            • Instruction ID: c7304a42e7172014f99893d6c7727fbb43255c4506c78a108d6764ef09056983
                                                                                                                            • Opcode Fuzzy Hash: be7364a1ca60324c4aa6eada1199ab7363ebbaa9551d5d21f3d32f3226aa08cc
                                                                                                                            • Instruction Fuzzy Hash: 34E17035A002548FC714DF68D558BAEBBF2AF88310F1580AAEC4AEB345DA75DD41CFA1
                                                                                                                            Function 08138602 Relevance: .4, Instructions: 352COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 03b893af850fdefe43728dbeda203163a996beb842489aeea8348b5df38301a6
                                                                                                                            • Instruction ID: 307e6d499edd81b956c27443c06f0769b0f23e64845b66eb3e7c80d42c10fd33
                                                                                                                            • Opcode Fuzzy Hash: 03b893af850fdefe43728dbeda203163a996beb842489aeea8348b5df38301a6
                                                                                                                            • Instruction Fuzzy Hash: A2F123B4901228DFDB65DF24D954BDABBB2FF49301F0080E9E509AB2A0DB359E85CF50
                                                                                                                            Function 081D0448 Relevance: .4, Instructions: 351COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d733b81111c65e2ef233ab3973ff093b3287d959dd2abdd8805da072dcac2b6
                                                                                                                            • Instruction ID: 35af50d313105e98eece6169ed22834e035981a35f9ad42d8645424f857aab42
                                                                                                                            • Opcode Fuzzy Hash: 9d733b81111c65e2ef233ab3973ff093b3287d959dd2abdd8805da072dcac2b6
                                                                                                                            • Instruction Fuzzy Hash: 16F1B174E002188FDB54DF69D991BAEBBB2BF89300F1081AAD50DAB355DB349E85CF50
                                                                                                                            Function 096593C4 Relevance: .3, Instructions: 347COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be6039ae910807c30069bea9c0b4389c5d11a742d26acad74048b971e65a3c03
                                                                                                                            • Instruction ID: d4bfe3a1918e348d7d761ec9f207ad060d84e4a37af97e1e74b1f00f4683e351
                                                                                                                            • Opcode Fuzzy Hash: be6039ae910807c30069bea9c0b4389c5d11a742d26acad74048b971e65a3c03
                                                                                                                            • Instruction Fuzzy Hash: ACD17D71A002058FCB04DF69D994AAEBBF2FF89304F158569E805DB3A5DB30EC41CBA1
                                                                                                                            Function 09605650 Relevance: .3, Instructions: 331COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 775922cd7dc2f4db9500ff6100381b57e0a76991355f760f89ea63d12c6094d7
                                                                                                                            • Instruction ID: 8be51cd14546c43f75151661294925a9ac95004251af6d62751a59801953931c
                                                                                                                            • Opcode Fuzzy Hash: 775922cd7dc2f4db9500ff6100381b57e0a76991355f760f89ea63d12c6094d7
                                                                                                                            • Instruction Fuzzy Hash: FCC15F706002029FDB18DF66E895B6ABBE6FF80310F10C968E5069B7A5DB74EC45CF91
                                                                                                                            Function 09624090 Relevance: .3, Instructions: 267COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6cff760da929292e2f1d35f4490418c787e438fa037458c22fd889abf344b5ff
                                                                                                                            • Instruction ID: b305ea4d403e3de6ba31069c0cdb3c8d4690ec215fa71be34d080fcbc88d6c5b
                                                                                                                            • Opcode Fuzzy Hash: 6cff760da929292e2f1d35f4490418c787e438fa037458c22fd889abf344b5ff
                                                                                                                            • Instruction Fuzzy Hash: A5A18C75A002159FCB48DFB5D854AAEBBB6EFC9340B1580A9E905DB265EF35C802CB90
                                                                                                                            Function 081D0408 Relevance: .2, Instructions: 174COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0c1abc6dde637abd1810d102ce25468536d41d3752d95c54d224e495962688e
                                                                                                                            • Instruction ID: 767cc4cf2ef73e264db36fe4184478825b3eea8e2c94248283deaf4a01eadd26
                                                                                                                            • Opcode Fuzzy Hash: f0c1abc6dde637abd1810d102ce25468536d41d3752d95c54d224e495962688e
                                                                                                                            • Instruction Fuzzy Hash: 0171E374E047188FDB18CF6AD951B9EBBB2BF89300F14C0AAD449AB366DB305945CF51
                                                                                                                            Function 081D0447 Relevance: .2, Instructions: 156COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 729739c45f4f5a5be23c787422073bf597a6056ff78d2146e793df5e283ef3d8
                                                                                                                            • Instruction ID: 714722027e4dec0fc85ef733df1f41b22ca650bda2af9b5ff53faa9c03c1bfe5
                                                                                                                            • Opcode Fuzzy Hash: 729739c45f4f5a5be23c787422073bf597a6056ff78d2146e793df5e283ef3d8
                                                                                                                            • Instruction Fuzzy Hash: FE61C274E046188FDB18CF6AD951B9EBBB6BF89300F10C0AA990DAB365DB305D85CF41
                                                                                                                            Function 081D7628 Relevance: 38.2, Strings: 28, Instructions: 3207COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 678 81d7628-81d763b 679 81d763e-81d7662 678->679 681 81d77a8-81d8732 679->681 682 81d7668-81d767b 679->682 922 81d873c-81daccf 681->922 683 81d7681-81d7684 682->683 684 81d7790-81d779a 682->684 686 81d7687-81d76a1 683->686 684->679 685 81d77a0-81d77a7 684->685 686->684 690 81d76a7-81d76a9 686->690 691 81d76ab-81d76c1 690->691 692 81d76c3-81d76d0 690->692 697 81d76d3-81d7727 call 81d69a0 691->697 692->697 709 81d7729-81d7736 697->709 710 81d7738 697->710 712 81d773a-81d7748 709->712 710->712 716 81d774a-81d7775 call 81d6f58 712->716 717 81d7777 712->717 719 81d777a-81d778a 716->719 717->719 719->684 719->686 1407 81dad19-81dad20 922->1407 1408 81dacd1-81dace8 1407->1408 1409 81dad22-81dad27 1407->1409 1410 81dad28-81dad5a 1408->1410 1411 81dacea-81dad16 1408->1411 1411->1407
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $#jq$(Aoq$(ojq$, jq$,nq$,nq$0"jq$4'jq$4cjq$Hbkq$LRjq$PHjq$Ppjq$X#jq$\;jq$\sjq$p jq$p<jq$pBoq$p`jq$x oq$xnq$|bkq$|oq$oq$$jq$;jq$cjq
                                                                                                                            • API String ID: 0-727158445
                                                                                                                            • Opcode ID: 019d04efb7c907ca8300de40d12de1aa3010446792dab0c644a915f94f21bdac
                                                                                                                            • Instruction ID: 9bc7088c1c03c29b9fc52564d20f16a19d76e8ed63c59f1fb7338a0e11fbb91d
                                                                                                                            • Opcode Fuzzy Hash: 019d04efb7c907ca8300de40d12de1aa3010446792dab0c644a915f94f21bdac
                                                                                                                            • Instruction Fuzzy Hash: 76630970A80218AFDB259F94DD51B9E7BBAEF88300F1040D9E6496B3E4CE755E84CF25
                                                                                                                            Function 081D6F58 Relevance: 36.9, Strings: 27, Instructions: 3122COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 1416 81d6f58-81d6f6c 1417 81d6f6e 1416->1417 1418 81d6f71-81d6f77 1416->1418 1417->1418 1419 81d6f7d 1418->1419 1420 81d7215-81d7291 1418->1420 1419->1420 1421 81d705d-81d7071 1419->1421 1422 81d709d-81d70bf 1419->1422 1423 81d70dd-81d70f1 1419->1423 1424 81d717e-81d71a0 1419->1424 1425 81d6ff9-81d700d 1419->1425 1426 81d71b8-81d71d2 1419->1426 1427 81d715a-81d717c 1419->1427 1428 81d7076-81d7098 1419->1428 1429 81d70f6-81d710a 1419->1429 1430 81d7012-81d7026 1419->1430 1431 81d710f-81d7123 1419->1431 1432 81d7128-81d713c 1419->1432 1433 81d702b-81d703f 1419->1433 1434 81d6f84-81d6fa3 1419->1434 1435 81d7044-81d7058 1419->1435 1436 81d70c4-81d70d8 1419->1436 1437 81d6fc7-81d6fdb 1419->1437 1438 81d7141-81d7155 1419->1438 1439 81d6fe0-81d6ff4 1419->1439 1440 81d71a2-81d71b6 1419->1440 1504 81d72b0-81d8722 1420->1504 1505 81d7293-81d7295 1420->1505 1483 81d71da-81d71e4 1421->1483 1422->1483 1423->1483 1424->1483 1425->1483 1426->1483 1427->1483 1428->1483 1429->1483 1430->1483 1431->1483 1432->1483 1433->1483 1485 81d6faa-81d6fc2 1434->1485 1486 81d6fa5 call 81d6180 1434->1486 1435->1483 1436->1483 1437->1483 1438->1483 1439->1483 1440->1483 1490 81d7209-81d7212 1483->1490 1491 81d71e6-81d7201 1483->1491 1485->1483 1486->1485 1491->1490 1685 81d872c-81d8732 1504->1685 1507 81d72b4-81d72bb 1505->1507 1508 81d7297-81d729d 1505->1508 1509 81d72bc-81d72ca 1507->1509 1508->1509 1510 81d729f-81d72ad 1508->1510 1511 81d72cc-81d731c 1509->1511 1510->1511 1512 81d72af 1510->1512 1524 81d731e-81d7331 call 81d6f58 1511->1524 1525 81d733b-81d733f 1511->1525 1512->1504 1524->1525 1686 81d873c-81daccf 1685->1686 2171 81dad19-81dad20 1686->2171 2172 81dacd1-81dace8 2171->2172 2173 81dad22-81dad27 2171->2173 2174 81dad28-81dad5a 2172->2174 2175 81dacea-81dad16 2172->2175 2175->2171
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $#jq$(Aoq$(ojq$, jq$,nq$,nq$0"jq$4'jq$4cjq$Hbkq$LRjq$PHjq$Ppjq$X#jq$\;jq$\sjq$p jq$p<jq$pBoq$p`jq$x oq$xnq$|bkq$|oq$oq$$jq$;jq
                                                                                                                            • API String ID: 0-470169111
                                                                                                                            • Opcode ID: 0b3533387a3be0e642d65c27f66c2c15725be436041254c7fc2724e5747cef47
                                                                                                                            • Instruction ID: a6d67018f9026c40f0110f2435a1b009e05c3b1b251e873cf27de59acd91c682
                                                                                                                            • Opcode Fuzzy Hash: 0b3533387a3be0e642d65c27f66c2c15725be436041254c7fc2724e5747cef47
                                                                                                                            • Instruction Fuzzy Hash: F6532B70A40218AFDB259F94ED11B9E7BBAEF88300F1040D9E6496B3E4DE755E84CF25
                                                                                                                            Function 0962886B Relevance: 25.8, Strings: 20, Instructions: 831COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: v[$,7nq$,S\$,S\$,S\$,s[$,s[$4^[$4^[$8p[$Dj[$Dj[$Dm[$Dm[$X`[$X`[$X`[$hR\$hR\$hR\
                                                                                                                            • API String ID: 0-4195692651
                                                                                                                            • Opcode ID: f92cbc988ab851e0434c122d4cf65451a30830c82ee6ef662941bd06438a1749
                                                                                                                            • Instruction ID: 3acb9a748472e92792ba04485fd2beb5c81302c9428a91f7eeb302059ea035b4
                                                                                                                            • Opcode Fuzzy Hash: f92cbc988ab851e0434c122d4cf65451a30830c82ee6ef662941bd06438a1749
                                                                                                                            • Instruction Fuzzy Hash: 8F62BD30B046558FCB199FB9D8A45AE7BB6FFC9350B24805AD402DB3A6DE749C02CB91
                                                                                                                            Function 08A60D80 Relevance: 20.6, Strings: 16, Instructions: 615COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 2604 8a60d80-8a60dcb 2609 8a60dd1-8a60dd3 2604->2609 2610 8a60efd-8a60f10 2604->2610 2611 8a60dd6-8a60de5 2609->2611 2614 8a61006-8a61011 2610->2614 2615 8a60f16-8a60f25 2610->2615 2616 8a60e9d-8a60ea1 2611->2616 2617 8a60deb-8a60e1d 2611->2617 2618 8a61019-8a61022 2614->2618 2624 8a60fd1-8a60fd5 2615->2624 2625 8a60f2b-8a60f51 2615->2625 2619 8a60ea3-8a60eae 2616->2619 2620 8a60eb0 2616->2620 2655 8a60e26-8a60e2d 2617->2655 2656 8a60e1f-8a60e24 2617->2656 2622 8a60eb5-8a60eb8 2619->2622 2620->2622 2622->2618 2629 8a60ebe-8a60ec2 2622->2629 2627 8a60fd7-8a60fe2 2624->2627 2628 8a60fe4 2624->2628 2651 8a60f53-8a60f58 2625->2651 2652 8a60f5a-8a60f61 2625->2652 2630 8a60fe6-8a60fe8 2627->2630 2628->2630 2631 8a60ec4-8a60ecf 2629->2631 2632 8a60ed1 2629->2632 2636 8a60fea-8a60ff4 2630->2636 2637 8a61039-8a610b5 2630->2637 2638 8a60ed3-8a60ed5 2631->2638 2632->2638 2648 8a60ff7-8a61000 2636->2648 2686 8a610bb-8a610bd 2637->2686 2687 8a61189-8a6119c 2637->2687 2642 8a61025-8a61032 2638->2642 2643 8a60edb-8a60ee5 2638->2643 2642->2637 2653 8a60ee8-8a60ef2 2643->2653 2648->2614 2648->2615 2659 8a60fc5-8a60fcf 2651->2659 2660 8a60f86-8a60faa 2652->2660 2661 8a60f63-8a60f84 2652->2661 2653->2611 2662 8a60ef8 2653->2662 2657 8a60e52-8a60e76 2655->2657 2658 8a60e2f-8a60e50 2655->2658 2663 8a60e91-8a60e9b 2656->2663 2676 8a60e8e 2657->2676 2677 8a60e78-8a60e7e 2657->2677 2658->2663 2659->2648 2678 8a60fc2 2660->2678 2679 8a60fac-8a60fb2 2660->2679 2661->2659 2662->2618 2663->2653 2676->2663 2681 8a60e82-8a60e84 2677->2681 2682 8a60e80 2677->2682 2678->2659 2683 8a60fb6-8a60fb8 2679->2683 2684 8a60fb4 2679->2684 2681->2676 2682->2676 2683->2678 2684->2678 2688 8a610c0-8a610cf 2686->2688 2691 8a61234-8a6123f 2687->2691 2692 8a611a2-8a611b1 2687->2692 2693 8a610d1-8a610dd 2688->2693 2694 8a61129-8a6112d 2688->2694 2695 8a61247-8a61250 2691->2695 2701 8a611b3-8a611dc 2692->2701 2702 8a611ff-8a61203 2692->2702 2707 8a610e7-8a610fe 2693->2707 2696 8a6112f-8a6113a 2694->2696 2697 8a6113c 2694->2697 2700 8a61141-8a61144 2696->2700 2697->2700 2700->2695 2706 8a6114a-8a6114e 2700->2706 2721 8a611f4-8a611fd 2701->2721 2722 8a611de-8a611e4 2701->2722 2704 8a61205-8a61210 2702->2704 2705 8a61212 2702->2705 2710 8a61214-8a61216 2704->2710 2705->2710 2708 8a61150-8a6115b 2706->2708 2709 8a6115d 2706->2709 2718 8a61104-8a61106 2707->2718 2715 8a6115f-8a61161 2708->2715 2709->2715 2713 8a61267-8a61284 2710->2713 2714 8a61218-8a61222 2710->2714 2739 8a61286-8a61293 2713->2739 2740 8a61298-8a612af 2713->2740 2727 8a61225-8a6122e 2714->2727 2716 8a61167-8a61171 2715->2716 2717 8a61253-8a61260 2715->2717 2734 8a61174-8a6117e 2716->2734 2717->2713 2724 8a6111e-8a61127 2718->2724 2725 8a61108-8a6110e 2718->2725 2721->2727 2728 8a611e6 2722->2728 2729 8a611e8-8a611ea 2722->2729 2724->2734 2732 8a61112-8a61114 2725->2732 2733 8a61110 2725->2733 2727->2691 2727->2692 2728->2721 2729->2721 2732->2724 2733->2724 2734->2688 2738 8a61184 2734->2738 2738->2695 2739->2740 2742 8a612c7-8a612e9 2740->2742 2743 8a612b1-8a612b7 2740->2743 2748 8a612ec-8a612f0 2742->2748 2744 8a612bb-8a612bd 2743->2744 2745 8a612b9 2743->2745 2744->2742 2745->2742 2749 8a612f2-8a612f7 2748->2749 2750 8a612f9-8a612fe 2748->2750 2751 8a61304-8a61307 2749->2751 2750->2751 2752 8a6130d-8a61322 2751->2752 2753 8a614f8-8a61500 2751->2753 2752->2748 2755 8a61324 2752->2755 2756 8a613e0-8a61405 2755->2756 2757 8a6132b-8a61350 2755->2757 2758 8a61498 2755->2758 2768 8a61407-8a61409 2756->2768 2769 8a6140b-8a6140f 2756->2769 2770 8a61356-8a6135a 2757->2770 2771 8a61352-8a61354 2757->2771 2761 8a614a2-8a614b9 2758->2761 2762 8a614bf-8a614f3 2761->2762 2762->2748 2773 8a6146d-8a61493 2768->2773 2774 8a61430-8a61453 2769->2774 2775 8a61411-8a6142e 2769->2775 2777 8a6135c-8a61379 2770->2777 2778 8a6137b-8a6139e 2770->2778 2776 8a613b8-8a613db 2771->2776 2773->2748 2792 8a61455-8a6145b 2774->2792 2793 8a6146b 2774->2793 2775->2773 2776->2748 2777->2776 2794 8a613b6 2778->2794 2795 8a613a0-8a613a6 2778->2795 2796 8a6145f-8a61461 2792->2796 2797 8a6145d 2792->2797 2793->2773 2794->2776 2798 8a613aa-8a613ac 2795->2798 2799 8a613a8 2795->2799 2796->2793 2797->2793 2798->2794 2799->2794
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                                                                                                            • API String ID: 0-2647192402
                                                                                                                            • Opcode ID: 6b44ab5631ecefdc4ac6c93999cd0f6174effa9f2cdbf2af96a788fd447ca5f8
                                                                                                                            • Instruction ID: cbb1f9c7d0760972d9c75ea6498b37c66fa5114e9cbc54436db14e27ced9ab79
                                                                                                                            • Opcode Fuzzy Hash: 6b44ab5631ecefdc4ac6c93999cd0f6174effa9f2cdbf2af96a788fd447ca5f8
                                                                                                                            • Instruction Fuzzy Hash: 1422E030B042049FCB049B69C948A6EBBF7FF89711B10846AE506DBBAADF74DC51CB51
                                                                                                                            Function 08A61530 Relevance: 16.9, Strings: 12, Instructions: 1949COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                                                                                                            • API String ID: 0-2083384215
                                                                                                                            • Opcode ID: 762af8119c3ae99617a59a173a84e4e0084ac3d55c3f39b326cb90e8249db5e1
                                                                                                                            • Instruction ID: 3e2a8472306801bfc376f4a001ff72d389d27b59ec03b947dcbbfee249aaba8e
                                                                                                                            • Opcode Fuzzy Hash: 762af8119c3ae99617a59a173a84e4e0084ac3d55c3f39b326cb90e8249db5e1
                                                                                                                            • Instruction Fuzzy Hash: CEF2BF70B402089FCB14DF68C954BAEBBB6FF88700F108499E606AB7A5DF75AD41CB51
                                                                                                                            Function 02F0003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3298 2f0003c-2f00047 3299 2f00049 3298->3299 3300 2f0004c-2f00263 call 2f00a3f call 2f00e0f call 2f00d90 VirtualAlloc 3298->3300 3299->3300 3315 2f00265-2f00289 call 2f00a69 3300->3315 3316 2f0028b-2f00292 3300->3316 3321 2f002ce-2f003c2 VirtualProtect call 2f00cce call 2f00ce7 3315->3321 3318 2f002a1-2f002b0 3316->3318 3320 2f002b2-2f002cc 3318->3320 3318->3321 3320->3318 3327 2f003d1-2f003e0 3321->3327 3328 2f003e2-2f00437 call 2f00ce7 3327->3328 3329 2f00439-2f004b8 VirtualFree 3327->3329 3328->3327 3331 2f005f4-2f005fe 3329->3331 3332 2f004be-2f004cd 3329->3332 3335 2f00604-2f0060d 3331->3335 3336 2f0077f-2f00789 3331->3336 3334 2f004d3-2f004dd 3332->3334 3334->3331 3340 2f004e3-2f00505 LoadLibraryA 3334->3340 3335->3336 3341 2f00613-2f00637 3335->3341 3338 2f007a6-2f007b0 3336->3338 3339 2f0078b-2f007a3 3336->3339 3342 2f007b6-2f007cb 3338->3342 3343 2f0086e-2f008be LoadLibraryA 3338->3343 3339->3338 3344 2f00517-2f00520 3340->3344 3345 2f00507-2f00515 3340->3345 3346 2f0063e-2f00648 3341->3346 3347 2f007d2-2f007d5 3342->3347 3350 2f008c7-2f008f9 3343->3350 3348 2f00526-2f00547 3344->3348 3345->3348 3346->3336 3349 2f0064e-2f0065a 3346->3349 3351 2f00824-2f00833 3347->3351 3352 2f007d7-2f007e0 3347->3352 3353 2f0054d-2f00550 3348->3353 3349->3336 3354 2f00660-2f0066a 3349->3354 3355 2f00902-2f0091d 3350->3355 3356 2f008fb-2f00901 3350->3356 3362 2f00839-2f0083c 3351->3362 3357 2f007e2 3352->3357 3358 2f007e4-2f00822 3352->3358 3359 2f005e0-2f005ef 3353->3359 3360 2f00556-2f0056b 3353->3360 3361 2f0067a-2f00689 3354->3361 3356->3355 3357->3351 3358->3347 3359->3334 3366 2f0056d 3360->3366 3367 2f0056f-2f0057a 3360->3367 3363 2f00750-2f0077a 3361->3363 3364 2f0068f-2f006b2 3361->3364 3362->3343 3365 2f0083e-2f00847 3362->3365 3363->3346 3370 2f006b4-2f006ed 3364->3370 3371 2f006ef-2f006fc 3364->3371 3372 2f00849 3365->3372 3373 2f0084b-2f0086c 3365->3373 3366->3359 3368 2f0059b-2f005bb 3367->3368 3369 2f0057c-2f00599 3367->3369 3381 2f005bd-2f005db 3368->3381 3369->3381 3370->3371 3375 2f0074b 3371->3375 3376 2f006fe-2f00748 3371->3376 3372->3343 3373->3362 3375->3361 3376->3375 3381->3353
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02F0024D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2f00000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID: cess$kernel32.dll
                                                                                                                            • API String ID: 4275171209-1230238691
                                                                                                                            • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                            • Instruction ID: 0f69fa3b09fe25b87bf24f3d4cc93b20ceab391222479f3d0b240f39a584ccac
                                                                                                                            • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                            • Instruction Fuzzy Hash: 1D525B75A01229DFDB64CF58C984BACBBB1BF09304F1480D9E94DAB391DB30AA95DF14
                                                                                                                            Function 088C6B10 Relevance: 7.9, Strings: 6, Instructions: 376COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3671 88c6b10-88c6b30 3672 88c6b38-88c6b3a 3671->3672 3673 88c6b32 3671->3673 3674 88c6b41-88c6b43 3672->3674 3675 88c6b3c 3673->3675 3676 88c6b34-88c6b36 3673->3676 3677 88c6b7a-88c6bf2 3674->3677 3678 88c6b45-88c6b5b call 88c6a48 3674->3678 3675->3674 3676->3672 3676->3675 3682 88c6bf9-88c6cb0 3677->3682 3678->3682 3683 88c6b61-88c6b77 3678->3683 3700 88c6cb8-88c6cba 3682->3700 3701 88c6cb2 3682->3701 3702 88c6cc1-88c6cc3 3700->3702 3703 88c6cbc 3701->3703 3704 88c6cb4-88c6cb6 3701->3704 3705 88c6cfa-88c6d72 3702->3705 3706 88c6cc5-88c6cdb call 88c6a48 3702->3706 3703->3702 3704->3700 3704->3703 3710 88c6d79-88c6e30 3705->3710 3706->3710 3711 88c6ce1-88c6cf7 3706->3711 3728 88c6e38-88c6e3a 3710->3728 3729 88c6e32 3710->3729 3732 88c6e41-88c6e43 3728->3732 3730 88c6e3c 3729->3730 3731 88c6e34-88c6e36 3729->3731 3730->3732 3731->3728 3731->3730 3733 88c6e7a-88c6ef2 3732->3733 3734 88c6e45-88c6e5b call 88c6a48 3732->3734 3738 88c6ef9-88c6f99 3733->3738 3734->3738 3739 88c6e61-88c6e77 3734->3739 3756 88c6fa1-88c6fa6 3738->3756
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq$(_jq$(_jq$(_jq$(_jq$(_jq
                                                                                                                            • API String ID: 0-3898125644
                                                                                                                            • Opcode ID: 2fb0a47cf3b4710c2a214fec49ddeec5ae16782969fa107d9ab8d3d6c776f6fc
                                                                                                                            • Instruction ID: 51053df8c95133011aa639d0cac50481c6e9c9c0375d13585ee48c04110e0e21
                                                                                                                            • Opcode Fuzzy Hash: 2fb0a47cf3b4710c2a214fec49ddeec5ae16782969fa107d9ab8d3d6c776f6fc
                                                                                                                            • Instruction Fuzzy Hash: 22E18D34A04254AFCB05DF68D4646AE7FB2EFC5311F2481AED806DB385DA35DE06CB92
                                                                                                                            Function 096855F0 Relevance: 6.7, Strings: 5, Instructions: 499COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3757 96855f0-9685613 3758 9685619-968561b 3757->3758 3759 96858dc-96858e5 3757->3759 3762 968592a-96859bb 3758->3762 3763 9685621-968562d 3758->3763 3760 96858ee-9685923 3759->3760 3761 96858e7-96858ec 3759->3761 3760->3762 3761->3760 3795 96859cb-9685a3f 3762->3795 3796 96859bd-96859ca 3762->3796 3768 968562f-9685636 3763->3768 3769 9685642-9685655 call 9685c50 3763->3769 3770 9685638-968563d 3768->3770 3771 9685691-968569a 3768->3771 3782 968565b-9685683 3769->3782 3774 96858c6-96858d0 3770->3774 3776 968569c-96856a1 3771->3776 3777 96856a3-96856f2 3771->3777 3776->3777 3801 96856fb-9685792 3777->3801 3802 96856f4-96856f9 3777->3802 3790 968568e 3782->3790 3791 9685685 3782->3791 3790->3771 3791->3790 3815 9685bd5-9685c48 3795->3815 3816 9685a45 3795->3816 3858 968579b-9685832 3801->3858 3859 9685794-9685799 3801->3859 3802->3801 3818 9685a4c-9685a5a 3816->3818 3819 9685bbc-9685bce 3816->3819 3820 9685b7f-9685bb5 3816->3820 3821 9685b42-9685b78 3816->3821 3822 9685b05-9685b3b 3816->3822 3824 9685afd-9685b04 3818->3824 3825 9685a60-9685a95 3818->3825 3819->3815 3820->3819 3821->3820 3822->3821 3848 9685af5-9685afc 3825->3848 3849 9685a97-9685aed 3825->3849 3849->3848 3875 968583b-96858bf 3858->3875 3876 9685834-9685839 3858->3876 3859->3858 3875->3774 3876->3875
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq$(nq$40[$40[$40[
                                                                                                                            • API String ID: 0-1719719743
                                                                                                                            • Opcode ID: 4a54d66386465581a4ed7c6e5f002f1d69206671f277017ade9fe06a538e7ea3
                                                                                                                            • Instruction ID: dc84e55c7c7ed5ecbf8fb5b5013a1c275aa7a20e480942d505d6f78f0966bbc4
                                                                                                                            • Opcode Fuzzy Hash: 4a54d66386465581a4ed7c6e5f002f1d69206671f277017ade9fe06a538e7ea3
                                                                                                                            • Instruction Fuzzy Hash: 2A029E30B042949FCB54AF78946866EBFF6BFC9300F1545AAE406DB391DE798C06CB52
                                                                                                                            Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3889 4018f0-4018fa 3890 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 3889->3890 3891 4018fc-401900 3889->3891 3894 401940-401949 GetLastError 3890->3894 3895 401996-40199a 3890->3895 3896 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 3894->3896 3897 40198d-40198f 3894->3897 3896->3897 3897->3895 3899 401991 call 401030 3897->3899 3899->3895
                                                                                                                            APIs
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                            • GetLastError.KERNEL32 ref: 00401940
                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000042B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3322701435-0
                                                                                                                            • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                            • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                            • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                            • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                            Function 030EEDB8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3902 30eedb8-30eee47 GetCurrentProcess 3906 30eee49-30eee4f 3902->3906 3907 30eee50-30eee84 GetCurrentThread 3902->3907 3906->3907 3908 30eee8d-30eeec1 GetCurrentProcess 3907->3908 3909 30eee86-30eee8c 3907->3909 3911 30eeeca-30eeee2 3908->3911 3912 30eeec3-30eeec9 3908->3912 3909->3908 3915 30eeeeb-30eef1a GetCurrentThreadId 3911->3915 3912->3911 3916 30eef1c-30eef22 3915->3916 3917 30eef23-30eef85 3915->3917 3916->3917
                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 030EEE36
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 030EEE73
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 030EEEB0
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 030EEF09
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2063062207-0
                                                                                                                            • Opcode ID: d207b41128ef8a286c99172a3c9100960ca113d5adcee470c495073d6c3c1e25
                                                                                                                            • Instruction ID: a1771487636304850d7ca22cac4ed98ed069babeb06510947382db9dbfac58f5
                                                                                                                            • Opcode Fuzzy Hash: d207b41128ef8a286c99172a3c9100960ca113d5adcee470c495073d6c3c1e25
                                                                                                                            • Instruction Fuzzy Hash: 685174B09012499FEB14DFA9E548BAEFBF1FF88300F248459E409A7360D738A944CF65
                                                                                                                            Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3923 40af66-40af6e 3924 40af7d-40af88 call 40b84d 3923->3924 3927 40af70-40af7b call 40d2e3 3924->3927 3928 40af8a-40af8b 3924->3928 3927->3924 3931 40af8c-40af98 3927->3931 3932 40afb3-40afca call 40af49 call 40cd39 3931->3932 3933 40af9a-40afb2 call 40aefc call 40d2bd 3931->3933 3933->3932
                                                                                                                            APIs
                                                                                                                            • _malloc.LIBCMT ref: 0040AF80
                                                                                                                              • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                              • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                              • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                              • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000042B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1411284514-0
                                                                                                                            • Opcode ID: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                                                                            • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                            • Opcode Fuzzy Hash: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
                                                                                                                            • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                            Function 0962F120 Relevance: 5.4, Strings: 4, Instructions: 424COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 3942 962f120-962f12f 3943 962f131-962f133 3942->3943 3944 962f18b-962f194 3942->3944 3945 962f1da-962f1e3 3943->3945 3946 962f139-962f14f 3943->3946 3947 962f196-962f19c 3944->3947 3948 962f19e-962f1d3 3944->3948 3949 962f1e5-962f1eb 3945->3949 3950 962f1ed-962f24a 3945->3950 3959 962f151-962f165 3946->3959 3960 962f16c-962f188 3946->3960 3947->3948 3948->3945 3949->3950 3969 962f250-962f25a 3950->3969 3970 962f24c-962f24f 3950->3970 3959->3960 3971 962f265-962f2cd 3969->3971 3972 962f25c-962f262 3969->3972 3980 962f2d3-962f2d5 3971->3980 3981 962f36a-962f373 3971->3981 3972->3971 3984 962f3c0-962f3c9 3980->3984 3985 962f2db-962f2f0 3980->3985 3982 962f375-962f37b 3981->3982 3983 962f37d-962f3b9 3981->3983 3982->3983 3983->3984 3986 962f3d3-962f3ee 3984->3986 3987 962f3cb-962f3d1 3984->3987 3988 962f2f2-962f2fa 3985->3988 3989 962f364-962f369 3985->3989 4004 962f3f5-962f446 3986->4004 3987->3986 3988->3989 3992 962f2fc-962f300 3988->3992 3993 962f302-962f317 3992->3993 3994 962f31f-962f329 3992->3994 3993->3994 3994->3989 3997 962f32b-962f32d 3994->3997 4001 962f32f-962f334 3997->4001 4002 962f33c-962f345 3997->4002 4001->4002 4002->4004 4005 962f34b-962f362 4002->4005 4010 962f44c-962f450 4004->4010 4011 962f56d-962f576 4004->4011 4005->3989 4005->3997 4015 962f456 4010->4015 4016 962f5bc-962f5c5 4010->4016 4012 962f580-962f5b5 4011->4012 4013 962f578-962f57e 4011->4013 4012->4016 4013->4012 4021 962f45f-962f46d 4015->4021 4017 962f5c7-962f5cd 4016->4017 4018 962f5cf-962f632 4016->4018 4017->4018 4044 962f634-962f638 4018->4044 4045 962f639-962f63d 4018->4045 4026 962f533-962f54c 4021->4026 4027 962f473-962f49a 4021->4027 4031 962f557 4026->4031 4032 962f54e 4026->4032 4040 962f4a4-962f4a7 4027->4040 4041 962f49c-962f4a2 4027->4041 4031->4011 4032->4031 4043 962f4aa-962f4ae 4040->4043 4041->4043 4046 962f4d0-962f4d6 4043->4046 4047 962f4b0-962f4c1 4043->4047 4048 962f4d8-962f4fc call 962f120 * 2 4046->4048 4049 962f4fe-962f51d call 962f120 * 2 4046->4049 4047->4046 4055 962f4c3-962f4c5 4047->4055 4059 962f522-962f52d 4048->4059 4049->4059 4055->4046 4059->4026 4059->4027
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq$(nq$(nq$(nq
                                                                                                                            • API String ID: 0-1907786836
                                                                                                                            • Opcode ID: ba1c6157b960e1e5336330a7d12af140c80b337d299d70a2c7a14cc1aece0c36
                                                                                                                            • Instruction ID: e3c1b86d30d2cd94315032be1a5734d5316dce54100636cd6f4f69c7ddd8db50
                                                                                                                            • Opcode Fuzzy Hash: ba1c6157b960e1e5336330a7d12af140c80b337d299d70a2c7a14cc1aece0c36
                                                                                                                            • Instruction Fuzzy Hash: 43E1B030B043519FCB159F78A46966E7BF6AF89310F2480AAE806DB395DE34CC42CF91
                                                                                                                            Function 088CE658 Relevance: 4.1, Strings: 3, Instructions: 349COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (n\$pQ\$&\
                                                                                                                            • API String ID: 0-1730574614
                                                                                                                            • Opcode ID: 75de57607ea66ca3c4944eb35304fa1af862932254b00cd59dd631505d4d2651
                                                                                                                            • Instruction ID: efec40e0de9dd9f20c4cdd96b2d7962c69d6203cc8248a533cad6b472b1f1183
                                                                                                                            • Opcode Fuzzy Hash: 75de57607ea66ca3c4944eb35304fa1af862932254b00cd59dd631505d4d2651
                                                                                                                            • Instruction Fuzzy Hash: A0E14C34A00205DFCB14DF69E994A5EBBB6FF88311F148569E4069B764DB34EC46CF90
                                                                                                                            Function 096550B0 Relevance: 4.1, Strings: 3, Instructions: 337COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $)g$$)g$8(g
                                                                                                                            • API String ID: 0-1685280214
                                                                                                                            • Opcode ID: 470ee5056e168366d31d9dbf92213a187fe80d378090358a9d7cd2124704ab53
                                                                                                                            • Instruction ID: 161305f53ee1acfc6eeb65c28956d7124d434b080be6b3fe0a3e2ab0343b29f0
                                                                                                                            • Opcode Fuzzy Hash: 470ee5056e168366d31d9dbf92213a187fe80d378090358a9d7cd2124704ab53
                                                                                                                            • Instruction Fuzzy Hash: 71C18E30B002549FCB14DFB9D8586ADBBF6EF88310F248569E906E7395DE319C46CB91
                                                                                                                            Function 088CD4E8 Relevance: 3.9, Strings: 3, Instructions: 153COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,S\$hR\$hW\
                                                                                                                            • API String ID: 0-2043707586
                                                                                                                            • Opcode ID: a0fdb510039113e8066e529d70f0900dbe9040f5bde624b16f13e4346e5f7511
                                                                                                                            • Instruction ID: 09a2d348f5393215bbf10b2fbaf6e8efb71e2f898f27e64323c90afdc4cb1804
                                                                                                                            • Opcode Fuzzy Hash: a0fdb510039113e8066e529d70f0900dbe9040f5bde624b16f13e4346e5f7511
                                                                                                                            • Instruction Fuzzy Hash: 3F51F674A01219EFCB04EFA5E994DADBBB2BF88301F148029E816E7364DB34E945DB51
                                                                                                                            Function 096559E7 Relevance: 3.9, Strings: 3, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: x+g$xnq$xnq
                                                                                                                            • API String ID: 0-4281582098
                                                                                                                            • Opcode ID: 1eff8aaeedaa9a23a9abf063645b59c6928420c5ba1797f3fe4e51818e6ba558
                                                                                                                            • Instruction ID: 4db0bfaf2cdb5bcc1a4f1dfb990c04f9dd07a57a2df4012fd193663d44c02a51
                                                                                                                            • Opcode Fuzzy Hash: 1eff8aaeedaa9a23a9abf063645b59c6928420c5ba1797f3fe4e51818e6ba558
                                                                                                                            • Instruction Fuzzy Hash: FC4177706007049FC719DF29D550A5ABBF2FF85308B24C96DD45A8B7A5EB32E90ACF80
                                                                                                                            Function 09602628 Relevance: 3.9, Strings: 3, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: P=]$d1]$O]
                                                                                                                            • API String ID: 0-1326865641
                                                                                                                            • Opcode ID: 80a297ffde4a23965687e58e3ca5940e4c8ba4985836e844d7e0508788e63fd4
                                                                                                                            • Instruction ID: fe04dcaa1705220d8dd02ca2c0a46d5ce223444e34dcfd89189c67b8dea8cdde
                                                                                                                            • Opcode Fuzzy Hash: 80a297ffde4a23965687e58e3ca5940e4c8ba4985836e844d7e0508788e63fd4
                                                                                                                            • Instruction Fuzzy Hash: A34112302017015FC759EF69F580E5EBBEAEF84314B108A68D0468B668DB75FD4ECB91
                                                                                                                            Function 0960BF18 Relevance: 3.8, Strings: 3, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$|ra$3PJi^
                                                                                                                            • API String ID: 0-2942532007
                                                                                                                            • Opcode ID: 1e9001b8440fdd9d625982de95e6694e693b70acf305c782d8513ff63227fef5
                                                                                                                            • Instruction ID: c48f26238ada84ba59e211021e8c8189c3f20b450b4cb2c2590c836728631ea1
                                                                                                                            • Opcode Fuzzy Hash: 1e9001b8440fdd9d625982de95e6694e693b70acf305c782d8513ff63227fef5
                                                                                                                            • Instruction Fuzzy Hash: FC317F306003009FC759DF28E980A9A7BE6FF85300F10896AE4468BBA4DB35ED06CF91
                                                                                                                            Function 02BD817E Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02BD81A6
                                                                                                                            • Module32First.KERNEL32(00000000,00000224), ref: 02BD81C6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD7000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2bd7000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3833638111-0
                                                                                                                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                            • Instruction ID: dd44311b2bcdeda85b49df7e0f5146f9cd15397c8f39dd6db4f06a75d032dcfb
                                                                                                                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                            • Instruction Fuzzy Hash: DBF062311007106BE7203BB5988CBEAB6EDFF49626F100568E656914C0EB70E88A4A61
                                                                                                                            Function 02F00E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00000400,?,?,02F00223,?,?), ref: 02F00E19
                                                                                                                            • SetErrorMode.KERNELBASE(00000000,?,?,02F00223,?,?), ref: 02F00E1E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229861781.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2f00000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                            • Instruction ID: 45d8b9413bf6cb67591f2084faf88883303e7dd66208303ca186fed5f74efe4f
                                                                                                                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                            • Instruction Fuzzy Hash: 5CD01232645228B7DB002A94DC09BCEBB1CDF09BA6F008021FB0DE9080CBB09A4046EA
                                                                                                                            Function 096843C0 Relevance: 2.9, Strings: 2, Instructions: 381COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !Jh$tJ[
                                                                                                                            • API String ID: 0-3641345283
                                                                                                                            • Opcode ID: a843c8b60addd7845ebbbf8ad89cc6c84c30965d0826b07e74cc59b04f913f1d
                                                                                                                            • Instruction ID: b0130999f0d5242f3fdd6ab54b77fadd992063098f669de629d375bddfce8bf1
                                                                                                                            • Opcode Fuzzy Hash: a843c8b60addd7845ebbbf8ad89cc6c84c30965d0826b07e74cc59b04f913f1d
                                                                                                                            • Instruction Fuzzy Hash: CE021D75A00715DFDB14EF78C954A99BBB1FF89310F118699E849AB361EB30E981CF80
                                                                                                                            Function 0965F238 Relevance: 2.8, Strings: 2, Instructions: 344COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,dg$0eg
                                                                                                                            • API String ID: 0-1717949841
                                                                                                                            • Opcode ID: 94169ac31c6faeb1cafd2dceff2f3842a036df048dd00863652627b0b171a75f
                                                                                                                            • Instruction ID: 5734ee4dc953fa200d2652c4045a0b8ae27f5c443f4f7a2c8ff63cedb5d204fd
                                                                                                                            • Opcode Fuzzy Hash: 94169ac31c6faeb1cafd2dceff2f3842a036df048dd00863652627b0b171a75f
                                                                                                                            • Instruction Fuzzy Hash: 9CD15934B002449FCB14DF79D494AAEBBF6EF89300F148469E8069B7A5DB35DC46CB91
                                                                                                                            Function 09607C38 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: nd^$nd^
                                                                                                                            • API String ID: 0-2406384013
                                                                                                                            • Opcode ID: ef29cf7adc97f6f9298c04951c47b2dd73fc1d972152cc9c00ad3f9d758940b8
                                                                                                                            • Instruction ID: 198ad246f422ca65325d423cd764c5723e740672b2342e6ddca6b04b7d5e40c3
                                                                                                                            • Opcode Fuzzy Hash: ef29cf7adc97f6f9298c04951c47b2dd73fc1d972152cc9c00ad3f9d758940b8
                                                                                                                            • Instruction Fuzzy Hash: 5FD14C70A002059FCB18DF69E994A6EFBB6FF84310F14C668E405AB795DB34ED49CB90
                                                                                                                            Function 0965BE18 Relevance: 2.8, Strings: 2, Instructions: 290COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq$(nq
                                                                                                                            • API String ID: 0-2974481825
                                                                                                                            • Opcode ID: a4bb633356dbab4bf26c52d9506dc6d29ba55dac84582affd401e3fd8679e664
                                                                                                                            • Instruction ID: 32eb37ad39771ca6f066b61779f0f6fdc23803c82a66615e97fb7f33c320baba
                                                                                                                            • Opcode Fuzzy Hash: a4bb633356dbab4bf26c52d9506dc6d29ba55dac84582affd401e3fd8679e664
                                                                                                                            • Instruction Fuzzy Hash: 61A1AD30B002459FCB449F78A86466EBFE6FFC9300F1581AAE906DB396DA35DD05CB91
                                                                                                                            Function 09686E48 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Dzc$PHjq
                                                                                                                            • API String ID: 0-4234368212
                                                                                                                            • Opcode ID: ee5e510f99bc7d2e7f958c91280ec36fb8e9042221607d01eb987a02a9e7a3a3
                                                                                                                            • Instruction ID: 577976af6d0b4099f26ac40b9b64be3e49d55a44af5f2637bad9a36bf79490da
                                                                                                                            • Opcode Fuzzy Hash: ee5e510f99bc7d2e7f958c91280ec36fb8e9042221607d01eb987a02a9e7a3a3
                                                                                                                            • Instruction Fuzzy Hash: DD91C2357002059FCB15EF69D488A6BBBF6FF84320F14826AE5498B761DB31ED85CB90
                                                                                                                            Function 088CE648 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: pQ\$&\
                                                                                                                            • API String ID: 0-3123153620
                                                                                                                            • Opcode ID: 52e23b7501c534e5438d861c8868218b3361a094561b4eb6cb37cbd3cfa5d539
                                                                                                                            • Instruction ID: d494d169584d6128f7899bdd20458fec2912708a8d22d52fa9a2d1af8b6b1980
                                                                                                                            • Opcode Fuzzy Hash: 52e23b7501c534e5438d861c8868218b3361a094561b4eb6cb37cbd3cfa5d539
                                                                                                                            • Instruction Fuzzy Hash: CC811874A00205DFCB18DF69E58899DBBB2FF88311F148569E806AB365DB30EC46CF90
                                                                                                                            Function 08A61516 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $jq$$jq
                                                                                                                            • API String ID: 0-3720491408
                                                                                                                            • Opcode ID: de2c61b351d9d25941ea4c2cbef2aa327e21e4e40d3d67d3951f8f526ef613ad
                                                                                                                            • Instruction ID: 8b53f6d651da0372bbbc8e538a0af1cfe5353bf8a739f16862a281065fb476c3
                                                                                                                            • Opcode Fuzzy Hash: de2c61b351d9d25941ea4c2cbef2aa327e21e4e40d3d67d3951f8f526ef613ad
                                                                                                                            • Instruction Fuzzy Hash: FD51E574B042059FDB009FB8C894B7EBBBBEF89715F104429E6029B7A9CE74DC118B91
                                                                                                                            Function 0965F228 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,dg$0eg
                                                                                                                            • API String ID: 0-1717949841
                                                                                                                            • Opcode ID: 211bad38840435c7b9f31735b040a501edbabf3dbff8a1e9503a42d21fd9d6bc
                                                                                                                            • Instruction ID: ee98cddfc894dd5bc4373ae386a5fa6b0a57d08178d1a27c72149a066151d512
                                                                                                                            • Opcode Fuzzy Hash: 211bad38840435c7b9f31735b040a501edbabf3dbff8a1e9503a42d21fd9d6bc
                                                                                                                            • Instruction Fuzzy Hash: B1615874A00204AFDB14DF68D484A9EBBF6FF88310F148569E8069B761DB71ED4ACF91
                                                                                                                            Function 096589B8 Relevance: 2.7, Strings: 2, Instructions: 164COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq$xDc
                                                                                                                            • API String ID: 0-1724628187
                                                                                                                            • Opcode ID: 224deee22eb41e3b897dc8daa26f410159ce1a4d5a8de1e915e0842a90ce4d34
                                                                                                                            • Instruction ID: c09f0cee374465acc0924d66f246ecee2fe8da829a5739b31ced426cf63c6891
                                                                                                                            • Opcode Fuzzy Hash: 224deee22eb41e3b897dc8daa26f410159ce1a4d5a8de1e915e0842a90ce4d34
                                                                                                                            • Instruction Fuzzy Hash: E351AD307003519FCB149F6CE494A6A7BEAFFC5310F1585AAE906CB795DA71EC01CB91
                                                                                                                            Function 09626CA8 Relevance: 2.7, Strings: 2, Instructions: 161COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: h.[$h.[
                                                                                                                            • API String ID: 0-855681546
                                                                                                                            • Opcode ID: 8e8556112767394ad728746bbbb3b61edd0d73b1b43ec0d517d8d7995e632135
                                                                                                                            • Instruction ID: 08767f484347dc3282a9e826aecb8a957c2c372f62f036fd758afde1ea92b363
                                                                                                                            • Opcode Fuzzy Hash: 8e8556112767394ad728746bbbb3b61edd0d73b1b43ec0d517d8d7995e632135
                                                                                                                            • Instruction Fuzzy Hash: 83517934B042548FC759DF69D4A8AAA7BF6BF88310F1444AAE802EB3A1DE35DC41CF51
                                                                                                                            Function 09658E48 Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4Kg
                                                                                                                            • API String ID: 0-3984122407
                                                                                                                            • Opcode ID: 35c5224d6551cd014b49945f1581acbd409d73b8ed97f325226dc75b255a4b86
                                                                                                                            • Instruction ID: 7ce7b1390b3f0f1baf757fa1cf21f0577cff26861b8bc273a1ab2442b593ad34
                                                                                                                            • Opcode Fuzzy Hash: 35c5224d6551cd014b49945f1581acbd409d73b8ed97f325226dc75b255a4b86
                                                                                                                            • Instruction Fuzzy Hash: 9941D130A007459FDB24DF7AD4546AEBBF6AF88350F50856EE80697790DF349849CB90
                                                                                                                            Function 088C7FC0 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4'jq
                                                                                                                            • API String ID: 0-1204115232
                                                                                                                            • Opcode ID: d1fbce0b9a76d850b0be081f4e9e5864fec00f88ea61852e5c2f80dd53b44b72
                                                                                                                            • Instruction ID: eb820ff623f8ec2e1cc6f47791f156f29f7d8668b01e24db2cfb906d86e418d1
                                                                                                                            • Opcode Fuzzy Hash: d1fbce0b9a76d850b0be081f4e9e5864fec00f88ea61852e5c2f80dd53b44b72
                                                                                                                            • Instruction Fuzzy Hash: 7F31D7307453905FC7196B38646856E7F9BAFC6300B1489AED846CB695DE35CC0ACB52
                                                                                                                            Function 0965C571 Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq$(nq
                                                                                                                            • API String ID: 0-2974481825
                                                                                                                            • Opcode ID: b9a2f73aa9693eca41a561ea3bdc37b75bbb3f97157bac9908fa8d408bdc411b
                                                                                                                            • Instruction ID: f11a4ec4b546b83f7ab5f27e7eb97d70764c0748fd11eb5e5cb2a2be89c33c90
                                                                                                                            • Opcode Fuzzy Hash: b9a2f73aa9693eca41a561ea3bdc37b75bbb3f97157bac9908fa8d408bdc411b
                                                                                                                            • Instruction Fuzzy Hash: 1D318D70B083449FD745DFB8E815A5E7FF1AF86300F1085AAE801EB3A2EA359D05CB11
                                                                                                                            Function 088CBBF8 Relevance: 2.6, Strings: 2, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4'jq
                                                                                                                            • API String ID: 0-1204115232
                                                                                                                            • Opcode ID: dd0703a7a26a114c7ca9bfcd80d857f7e6e583d474aaf4ea03758afa9ae5c86c
                                                                                                                            • Instruction ID: 1c7867e711838668632dccd31cfea70f7bc80708235e0d0c9970b227b22e86d8
                                                                                                                            • Opcode Fuzzy Hash: dd0703a7a26a114c7ca9bfcd80d857f7e6e583d474aaf4ea03758afa9ae5c86c
                                                                                                                            • Instruction Fuzzy Hash: FF113D3470060A9FCB18DF29F850A5EBBBAFF84310F104A69E045977A5DB74FD0A8B91
                                                                                                                            Function 088C80DC Relevance: 2.5, Strings: 2, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4'jq
                                                                                                                            • API String ID: 0-1204115232
                                                                                                                            • Opcode ID: fd5cea915e2eb243d1996a8ea78a762dbca101c4a5a89021935a5929a715c1cc
                                                                                                                            • Instruction ID: 03b029e35192f9fa7050b6b42430985304339e6d8869b7a3e46f7d9d2f066909
                                                                                                                            • Opcode Fuzzy Hash: fd5cea915e2eb243d1996a8ea78a762dbca101c4a5a89021935a5929a715c1cc
                                                                                                                            • Instruction Fuzzy Hash: 710147309497904FC32A9B38A9604567FEAED8230070485EFC0CAC7976DA74990AC7A1
                                                                                                                            Function 0960C3E0 Relevance: 2.5, Strings: 2, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$[
                                                                                                                            • API String ID: 0-1362193366
                                                                                                                            • Opcode ID: 0e3facfc76a0da1fff7a5174e92e480e290ae69364e9e9d2e4bfca0d3631f717
                                                                                                                            • Instruction ID: ccf78d30f0a58783ec65d5489cca40384a275a2a8b46a538a3f1a0ad4a4c5983
                                                                                                                            • Opcode Fuzzy Hash: 0e3facfc76a0da1fff7a5174e92e480e290ae69364e9e9d2e4bfca0d3631f717
                                                                                                                            • Instruction Fuzzy Hash: 9801B530210A518FD7299F55D500AE6BFA6FF85318F40C42ED48A43B98CB72B90ADB55
                                                                                                                            Function 088C8090 Relevance: 2.5, Strings: 2, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq$4'jq
                                                                                                                            • API String ID: 0-1204115232
                                                                                                                            • Opcode ID: 6e42429960c8e613c52b3f5f9c9435903b0d1cf5b63055e773a7d4c975161060
                                                                                                                            • Instruction ID: 56620fe3c264ae0df7c9eff441e0b5db0932f217c701e1a563a225029daef3a8
                                                                                                                            • Opcode Fuzzy Hash: 6e42429960c8e613c52b3f5f9c9435903b0d1cf5b63055e773a7d4c975161060
                                                                                                                            • Instruction Fuzzy Hash: 8CE092305457205FC258EF2AF65089ABFDFFE8431071089B9D09A83A64DF70ED0D8AA2
                                                                                                                            Function 088C8600 Relevance: 2.0, Instructions: 1981COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5b512c9944a115fa3d46f3ecd8bc07f1fe5178853b3c18291edcd9a723ce2dc5
                                                                                                                            • Instruction ID: e6215b56d71ee6b66e0ff9b2280010ac8dc05350737a67fa494386096349dd2c
                                                                                                                            • Opcode Fuzzy Hash: 5b512c9944a115fa3d46f3ecd8bc07f1fe5178853b3c18291edcd9a723ce2dc5
                                                                                                                            • Instruction Fuzzy Hash: 2623413D902244DFCB659F61CA5A61DBB32FB4A30A730846BEE5266724CFB69C45DF00
                                                                                                                            Function 088C8610 Relevance: 2.0, Instructions: 1978COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e2eb9cc71da75b75d37fe618763aed5991bb54bca6726450c2cb35b9eff0278
                                                                                                                            • Instruction ID: 86d956ef92f457631dd96c8002bc37ffe61b5b1e4442477e32f073b1a3d72740
                                                                                                                            • Opcode Fuzzy Hash: 9e2eb9cc71da75b75d37fe618763aed5991bb54bca6726450c2cb35b9eff0278
                                                                                                                            • Instruction Fuzzy Hash: 4623423D902244DFCB659F61CA5A61DBB32FB4A309730846BEE5266724CFB69C45DF00
                                                                                                                            Function 030E0881 Relevance: 1.7, APIs: 1, Instructions: 245COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e5471e0b29aacfc2b10f78bec1e95c63b648eba22b8d744b3f720c442e80c72
                                                                                                                            • Instruction ID: 42a2c5a9a43a12a17086db1b0aa3a7a77f425caa9bffe416acaad17973c05abf
                                                                                                                            • Opcode Fuzzy Hash: 7e5471e0b29aacfc2b10f78bec1e95c63b648eba22b8d744b3f720c442e80c72
                                                                                                                            • Instruction Fuzzy Hash: 04A1F4387505008FD794DF29C998E2ABBE6FF88714B2585A9E50ACB375DB71EC01CB90
                                                                                                                            Function 08133BA4 Relevance: 1.7, APIs: 1, Instructions: 187COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 08133D71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 716092398-0
                                                                                                                            • Opcode ID: fb98a77fe411e90515961fae0c35aa8773055f0d30cee0d723e24c2c374e6ed8
                                                                                                                            • Instruction ID: 90c994c49844bac22b3ca854f5dd9a858be2daaa8e03733666cad392987057d0
                                                                                                                            • Opcode Fuzzy Hash: fb98a77fe411e90515961fae0c35aa8773055f0d30cee0d723e24c2c374e6ed8
                                                                                                                            • Instruction Fuzzy Hash: C1717BB4D04268DFDF21CFA9D984ADEFBB1BF09304F1491AAE418A7221D7349A85CF54
                                                                                                                            Function 08133BB0 Relevance: 1.7, APIs: 1, Instructions: 182COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 08133D71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 716092398-0
                                                                                                                            • Opcode ID: a9e6cc0b754f1f6091d19aac2d5cdfc196977ce0faa56241625b217a481a008e
                                                                                                                            • Instruction ID: 263d28aa86672106b292e29a62cc37600fd6107fc83150333a10e484a2709863
                                                                                                                            • Opcode Fuzzy Hash: a9e6cc0b754f1f6091d19aac2d5cdfc196977ce0faa56241625b217a481a008e
                                                                                                                            • Instruction Fuzzy Hash: 23717BB4D00218DFDF21CFA9D984ADEFBB1BF09304F5091AAE818A7221D734A985CF54
                                                                                                                            Function 0965F678 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Hig
                                                                                                                            • API String ID: 0-1803688613
                                                                                                                            • Opcode ID: 93b28afbdda30c330d2f50e5d22911ff0661998c6a15446cfa30a467f7bcb286
                                                                                                                            • Instruction ID: 5e94876eb5dc2dbeb0fc2f57f093e677862eafb1390bfd2b92b5589e55de6021
                                                                                                                            • Opcode Fuzzy Hash: 93b28afbdda30c330d2f50e5d22911ff0661998c6a15446cfa30a467f7bcb286
                                                                                                                            • Instruction Fuzzy Hash: 5412A234901208CFCB29DFB4D19489DBBB2FF89309B60556DD806AB351DB36AD81CF52
                                                                                                                            Function 0820E924 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 0820FE71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235863152.0000000008200000.00000040.00000800.00020000.00000000.sdmp, Offset: 08200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8200000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Create
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2289755597-0
                                                                                                                            • Opcode ID: ed2ba0bb77f1c3db0731bcfa4562ba15dc87195e1fe3b53881f62844eddf0b3d
                                                                                                                            • Instruction ID: f3dd397f162c2d68d08fcd4bef98fd7d81b0eada51bb9d65a84737b132e1f92e
                                                                                                                            • Opcode Fuzzy Hash: ed2ba0bb77f1c3db0731bcfa4562ba15dc87195e1fe3b53881f62844eddf0b3d
                                                                                                                            • Instruction Fuzzy Hash: B3510871D50219CFDB24DFA8C944BDEBBF5AF49300F10809AD509BB351DA756A49CF90
                                                                                                                            Function 030EF000 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 030EF0CB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DuplicateHandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3793708945-0
                                                                                                                            • Opcode ID: 7233695bf02a90c2a65563e6a667536f94c2bd4a6252a8edac1be048cdfdef93
                                                                                                                            • Instruction ID: 9df3889e742ad376f484babbe8f0f73fc9dd14acd9134b500ecdd55bd9f07f8b
                                                                                                                            • Opcode Fuzzy Hash: 7233695bf02a90c2a65563e6a667536f94c2bd4a6252a8edac1be048cdfdef93
                                                                                                                            • Instruction Fuzzy Hash: 904155B9D012589FCF10CFA9D984ADEFBF5BB09310F14946AE918BB210D335A945CF94
                                                                                                                            Function 081330B4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 081363E1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235686321.0000000008130000.00000040.00000800.00020000.00000000.sdmp, Offset: 08130000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8130000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CallProcWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2714655100-0
                                                                                                                            • Opcode ID: 154e1eb69c88db526654a7b2a4ffcc148b3d56c7724c90f24dc36564bb67946a
                                                                                                                            • Instruction ID: b21e41469662455b87e2c47a6052aa06a4aa6276c0cb9fa24c88af894d623d93
                                                                                                                            • Opcode Fuzzy Hash: 154e1eb69c88db526654a7b2a4ffcc148b3d56c7724c90f24dc36564bb67946a
                                                                                                                            • Instruction Fuzzy Hash: 994125B8900215DFDB14CF99C488AAAFBF5FF88314F24C459E519AB321C374A845CFA0
                                                                                                                            Function 030EC6F8 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LoadLibraryExW.KERNELBASE(?,?,?), ref: 030ECF7A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1029625771-0
                                                                                                                            • Opcode ID: 40afd5af7457a18ebd751c44fb61d687d5616edf706edb711d59803359dee1a5
                                                                                                                            • Instruction ID: 580259d88f76d1023ecf7f6ca1e87eb5936ccbc9bb3a3cdb2642d1ccb22eb9f1
                                                                                                                            • Opcode Fuzzy Hash: 40afd5af7457a18ebd751c44fb61d687d5616edf706edb711d59803359dee1a5
                                                                                                                            • Instruction Fuzzy Hash: 644178B4D012589FDF10CFAAD484A9EFBF5BB49310F14902AE918B7324D335A945CF94
                                                                                                                            Function 0820DFF0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0820E094
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235863152.0000000008200000.00000040.00000800.00020000.00000000.sdmp, Offset: 08200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8200000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 544645111-0
                                                                                                                            • Opcode ID: eef23a619a7c27d2d642a6f77d14b456fa70f361df8df7b302791ee023ff1720
                                                                                                                            • Instruction ID: 7ebd84d9bd0226c47293bef3d344d050bba494b7874f0e324e8850c88c521fc8
                                                                                                                            • Opcode Fuzzy Hash: eef23a619a7c27d2d642a6f77d14b456fa70f361df8df7b302791ee023ff1720
                                                                                                                            • Instruction Fuzzy Hash: 5531A8B8D002089FCF10CFA9D980A9EFBF1BF49310F20942AE818B7210D735A945CF94
                                                                                                                            Function 030ECBD8 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNELBASE(?), ref: 030ECC6A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230350407.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_30e0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4139908857-0
                                                                                                                            • Opcode ID: 4142503361e4df26628b0108916034bd2049788d4da9e568fb9a1b474b73e23f
                                                                                                                            • Instruction ID: d8a09d7608f518ddef2837bbae79d940e44267bd04b03eb12fc9a55e9abd8e0e
                                                                                                                            • Opcode Fuzzy Hash: 4142503361e4df26628b0108916034bd2049788d4da9e568fb9a1b474b73e23f
                                                                                                                            • Instruction Fuzzy Hash: 7D31D9B4D002189FCB14CFAAD484ADEFBF5AF49310F14906AE818B7320D335A945CFA4
                                                                                                                            Function 0820E2B0 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 0820E32E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235863152.0000000008200000.00000040.00000800.00020000.00000000.sdmp, Offset: 08200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8200000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2591292051-0
                                                                                                                            • Opcode ID: 5c6e3bf83558866e1b312fe07d40b805d129e25918704f876cae39d33cd58635
                                                                                                                            • Instruction ID: bb9a0c1290cd82034abf280f6987f008dc1f7e36f0a338fae3e8362241d950ec
                                                                                                                            • Opcode Fuzzy Hash: 5c6e3bf83558866e1b312fe07d40b805d129e25918704f876cae39d33cd58635
                                                                                                                            • Instruction Fuzzy Hash: 8D31ACB4D112189FCF14CFAAD985AAEFBB4EF49310F14942AE819B7350C734A941CFA4
                                                                                                                            Function 081DD560 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2564639436
                                                                                                                            • Opcode ID: d08167573f94335839645e15393ce073dd63b841c9e5e9f997d388194b814177
                                                                                                                            • Instruction ID: a94c5a1069c0562093550512f767620f611ebda4752222def88fd80030b2d567
                                                                                                                            • Opcode Fuzzy Hash: d08167573f94335839645e15393ce073dd63b841c9e5e9f997d388194b814177
                                                                                                                            • Instruction Fuzzy Hash: 45C15934600602CFC715CF29D980E6ABBF2FF89315B16CA99E45A8B665D730FC46CB90
                                                                                                                            Function 081D6610 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,nq
                                                                                                                            • API String ID: 0-1069744364
                                                                                                                            • Opcode ID: 311941109b791db37d2797c353277ad2e270633a4e8ded06e7200ad49696616b
                                                                                                                            • Instruction ID: d9951dc7b2cfe8d3f4ca598370b26984551c1c41a847e7ab71159e7913035dca
                                                                                                                            • Opcode Fuzzy Hash: 311941109b791db37d2797c353277ad2e270633a4e8ded06e7200ad49696616b
                                                                                                                            • Instruction Fuzzy Hash: 83A1B3707453088FCB596F3C996472E3ADAAFD5212B2554AAD402CF3A5EF25CC06C7B2
                                                                                                                            Function 00401870 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                            • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000042B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocString_malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 959018026-0
                                                                                                                            • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                            • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                                                                            • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                            • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA
                                                                                                                            Function 096074E0 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: XXjq
                                                                                                                            • API String ID: 0-4114761182
                                                                                                                            • Opcode ID: ad346446fb03ee1902918ec4bca4b2f2ce3c98176c219b6ca4c30ba47aaf45c4
                                                                                                                            • Instruction ID: f44f62333f4f6890b73b86de36e24c06ccb8415059ffeffbfde231fb38547730
                                                                                                                            • Opcode Fuzzy Hash: ad346446fb03ee1902918ec4bca4b2f2ce3c98176c219b6ca4c30ba47aaf45c4
                                                                                                                            • Instruction Fuzzy Hash: 48A19E70B002029FCB18EF79E8A466EBBE6EFC4310F108969D5169B795DF34AC45CB91
                                                                                                                            Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3228130674.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000042B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.3228130674.0000000000470000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 10892065-0
                                                                                                                            • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                            • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                                                                            • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                            • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                                                                            Function 081D4F4C Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,nq
                                                                                                                            • API String ID: 0-1069744364
                                                                                                                            • Opcode ID: 6bb57f8a0cc42cadf481b8736a4ee246be0d112870a4c84f581856d427a7a95a
                                                                                                                            • Instruction ID: 03f9a66ff1354d6d71272ca9ee2e93f7257fff0e420c48f544b50f9a1c295681
                                                                                                                            • Opcode Fuzzy Hash: 6bb57f8a0cc42cadf481b8736a4ee246be0d112870a4c84f581856d427a7a95a
                                                                                                                            • Instruction Fuzzy Hash: 0B916E34740305CFCB299B798554BBE76E7AFC9212B2544AAD806CB3A4EF35CC45CB62
                                                                                                                            Function 0960B820 Relevance: 1.5, Strings: 1, Instructions: 242COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: bb94287717d95d5af4f9e357fb2af678c9b9a0333846ea45aff119658eee84fa
                                                                                                                            • Instruction ID: 62f8a2a2ac41d32998deb57464d15ed5a03477a6fcf3d8ead3a5d047d390b27c
                                                                                                                            • Opcode Fuzzy Hash: bb94287717d95d5af4f9e357fb2af678c9b9a0333846ea45aff119658eee84fa
                                                                                                                            • Instruction Fuzzy Hash: 3C916E74A002159FCB44DF78D494AAE7BF2FF89310B1485AAE85ADB3A1DB30DC05CB90
                                                                                                                            Function 0962E948 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: 5e611f8023a3c2f5d051e083c141c5bbb548f93c550659ef2464a0a340dd9fb1
                                                                                                                            • Instruction ID: eb2fd4a2dfcc7c5f8168bd05d6d7302c4d606dbe8f4ff1e365eee4634c26cbac
                                                                                                                            • Opcode Fuzzy Hash: 5e611f8023a3c2f5d051e083c141c5bbb548f93c550659ef2464a0a340dd9fb1
                                                                                                                            • Instruction Fuzzy Hash: 44915A30A002599FCB55DFA9E498AADBBF6FF88300F14846AE406EB394DB359C45CF51
                                                                                                                            Function 09603DA0 Relevance: 1.5, Strings: 1, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: d9f55775c9ce00de6b616a4c4247fdd7c22fc50de516b095f5f41b503a3d54aa
                                                                                                                            • Instruction ID: 1c87d442e3ed3bee76abefe7cbdbd3c3e51bb85d197b80eb80ba8ad1617fe45b
                                                                                                                            • Opcode Fuzzy Hash: d9f55775c9ce00de6b616a4c4247fdd7c22fc50de516b095f5f41b503a3d54aa
                                                                                                                            • Instruction Fuzzy Hash: 48818F74B002059FDB18DF69D994AAEBBF2FFC8301F14856AE506A7391DB70AC05CB90
                                                                                                                            Function 09656EC7 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: ac83e6c568602e52bcaaa93fadde453f23f790b8a065f9b6c22f037102f43286
                                                                                                                            • Instruction ID: 5b69637dc8901bc49a909f357629d1c5f623325fbedca62bb7cae8f1bdd7a84b
                                                                                                                            • Opcode Fuzzy Hash: ac83e6c568602e52bcaaa93fadde453f23f790b8a065f9b6c22f037102f43286
                                                                                                                            • Instruction Fuzzy Hash: 4B818D35A002459FCB14DF68D4506ADBBF2FF89360F15816AEC06EB350DB31AD86CBA1
                                                                                                                            Function 0965B270 Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: 1e9090f113ac4c5d14c8a4ebeb762bc3d4d7ef9f6c7321683a8adb8aa274628f
                                                                                                                            • Instruction ID: 068e68ffaefc3c5fdb80676efba377e95168972cf080a76dc70af4bfef554676
                                                                                                                            • Opcode Fuzzy Hash: 1e9090f113ac4c5d14c8a4ebeb762bc3d4d7ef9f6c7321683a8adb8aa274628f
                                                                                                                            • Instruction Fuzzy Hash: D471C130B042558FCB559F78A4282AEBFE7FFC5301B1544AAD416D7391EE788D06CB52
                                                                                                                            Function 09655E18 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 81g
                                                                                                                            • API String ID: 0-1645397297
                                                                                                                            • Opcode ID: daeb4929d398db7b7cff8845c288973cd6830f66e3a247a8f27d03626442438e
                                                                                                                            • Instruction ID: 2fd57e6cc98bb972b47593b029e6473385f680b3902bbc1029ffe2d43bdac6a2
                                                                                                                            • Opcode Fuzzy Hash: daeb4929d398db7b7cff8845c288973cd6830f66e3a247a8f27d03626442438e
                                                                                                                            • Instruction Fuzzy Hash: C9910B34A10609DFCB04EF69D894AAEBBF6FF88300F148559E546AB364DB70ED45CB90
                                                                                                                            Function 09657480 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: 5d6928aaa751403190365ea5bbaa4413e708a1132b0aab401010b520b9c374ec
                                                                                                                            • Instruction ID: 873bef80fe195e97cf5ac2ef33991843bd3f51f5f5cccd1284412b18f2b90d3c
                                                                                                                            • Opcode Fuzzy Hash: 5d6928aaa751403190365ea5bbaa4413e708a1132b0aab401010b520b9c374ec
                                                                                                                            • Instruction Fuzzy Hash: 67715871A002558FCB19DF78D950AADBBF2AF89310F1581A9E806EB350EB31DD45CBA1
                                                                                                                            Function 0960A368 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 4be8c0a5a78d9e1b7849064c7c81580a37bcd542926c155c6324a89ac93e835f
                                                                                                                            • Instruction ID: b3f1864762ca38c5f9de711b50455d035660997bed93a37089cf62ed6bb0eac8
                                                                                                                            • Opcode Fuzzy Hash: 4be8c0a5a78d9e1b7849064c7c81580a37bcd542926c155c6324a89ac93e835f
                                                                                                                            • Instruction Fuzzy Hash: 5F518434B003518FCB599FB994A866FBBE6EBC8350B14847AE906CB785DE35DC01CB91
                                                                                                                            Function 0965C688 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: 627074f46948d72431e6973191b055d904ee944cac57faa0e2f4e516e8d8f213
                                                                                                                            • Instruction ID: ee2900558d1de63ab0c6ff136030b17f51ab35c267008cffd4058a76197ccbe7
                                                                                                                            • Opcode Fuzzy Hash: 627074f46948d72431e6973191b055d904ee944cac57faa0e2f4e516e8d8f213
                                                                                                                            • Instruction Fuzzy Hash: 1751B1727043118FD724DEA9E880A6BB7E6FBC4320F108A3AE555C7794DB35E845CBA1
                                                                                                                            Function 081D61B8 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2564639436
                                                                                                                            • Opcode ID: 0737868da3dcab6d77a2bfdc65fe4492b02854c9754ea56c967eec0b340252af
                                                                                                                            • Instruction ID: 5cd4f830b0f2e58ff821499abcb67d77e8bae7c5639350bd72a19ca241818165
                                                                                                                            • Opcode Fuzzy Hash: 0737868da3dcab6d77a2bfdc65fe4492b02854c9754ea56c967eec0b340252af
                                                                                                                            • Instruction Fuzzy Hash: F6618A34A0060ADFCB14CF99D5809AAFBB6FF88300B14CA69C95997615DB34F851CFA0
                                                                                                                            Function 0960B650 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 6c5f0b4889d19ed81db6ea7c3687c2c90ee2f32732253e2aeeaf446672b7284e
                                                                                                                            • Instruction ID: 8428fd7bdacea69e639404607759db2ed9c2c2d33d20e806651830bdb76fccb6
                                                                                                                            • Opcode Fuzzy Hash: 6c5f0b4889d19ed81db6ea7c3687c2c90ee2f32732253e2aeeaf446672b7284e
                                                                                                                            • Instruction Fuzzy Hash: 8251B234B002119FCB18DF79D59496BBBEAEFC8350B148069E94AD7755EA31EC01CBA1
                                                                                                                            Function 0965EAF8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 3f$
                                                                                                                            • API String ID: 0-1648451673
                                                                                                                            • Opcode ID: 083f1bb769233e99e9734088a98af1a10ca9a458294533c3a1a5a883786f79d0
                                                                                                                            • Instruction ID: eee8c7799da0191747c594cd4c3ba733fcf5639a59ef2677b8bcd329b8ec8da1
                                                                                                                            • Opcode Fuzzy Hash: 083f1bb769233e99e9734088a98af1a10ca9a458294533c3a1a5a883786f79d0
                                                                                                                            • Instruction Fuzzy Hash: 4A610475A00208EFCB45CF68E584E9DBBB2FF88320F158559F8069B361D731E995CB50
                                                                                                                            Function 09658C18 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: 3d9394725734a49433b238284e6cdd35806913c145a1c0c7e4515f79b728b955
                                                                                                                            • Instruction ID: da33e34704625093ce5e69162513216052b6d8ca53c0f933b2f4a95f1226a1c7
                                                                                                                            • Opcode Fuzzy Hash: 3d9394725734a49433b238284e6cdd35806913c145a1c0c7e4515f79b728b955
                                                                                                                            • Instruction Fuzzy Hash: E5514530A002489FCB05EF68D854AADBBF6FF89300F158569E406AB3A5DF749D46CB51
                                                                                                                            Function 081D1FC8 Relevance: 1.4, Instructions: 1403COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 257d0ff7ea08f17b72feaee14711e05ebe9e412904d8ca96179bb65dd5327504
                                                                                                                            • Instruction ID: c1f600dcf81674a19cf68eb2fcf50c5883cdcb4400ded63e633c95c5d0247ee0
                                                                                                                            • Opcode Fuzzy Hash: 257d0ff7ea08f17b72feaee14711e05ebe9e412904d8ca96179bb65dd5327504
                                                                                                                            • Instruction Fuzzy Hash: 1AE23A74A40228DFDB14AF54ED54BADBB72EF89300F1088E9D9092B795CB351E82DF64
                                                                                                                            Function 09626C0A Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: h.[
                                                                                                                            • API String ID: 0-3449181985
                                                                                                                            • Opcode ID: 0156a326e5b3b0eac1584d7c5666e4e507e4cf6712693112560e29be0fd9be9e
                                                                                                                            • Instruction ID: 2ae81fbb71a256ce39f8ef09a82269f459f5c71f17194800f3317fe22c238c2c
                                                                                                                            • Opcode Fuzzy Hash: 0156a326e5b3b0eac1584d7c5666e4e507e4cf6712693112560e29be0fd9be9e
                                                                                                                            • Instruction Fuzzy Hash: 0A516B34A047989FCB15CF69D458AA9BFB2BF89310F1440AAE841EB3A1DB319C45CF51
                                                                                                                            Function 081DBDD0 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,nq
                                                                                                                            • API String ID: 0-1069744364
                                                                                                                            • Opcode ID: 2577029bff129e77c5b72212c1a5a7f36a6cd888f23a3b1df3695388dfdcf51f
                                                                                                                            • Instruction ID: e1ec9481421995b46370f96b0dbf41e724c06a64d98daea9ce88f86b7bda0588
                                                                                                                            • Opcode Fuzzy Hash: 2577029bff129e77c5b72212c1a5a7f36a6cd888f23a3b1df3695388dfdcf51f
                                                                                                                            • Instruction Fuzzy Hash: 6A4130357042148FC714EF39D498A2A7BEAEF8972171640AEE50ACB372DB71DC41CB60
                                                                                                                            Function 0960C228 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: za
                                                                                                                            • API String ID: 0-1996689074
                                                                                                                            • Opcode ID: 4967450127d4616fa55264b2fdf9cd639c00a7e171569aeed1cd8f7b5a394e41
                                                                                                                            • Instruction ID: 3013f3e49caee7b2f933f3241c4d0196970b17883476ee2a0395fc25d73233b1
                                                                                                                            • Opcode Fuzzy Hash: 4967450127d4616fa55264b2fdf9cd639c00a7e171569aeed1cd8f7b5a394e41
                                                                                                                            • Instruction Fuzzy Hash: 06519A316406408FC719DF39E49892ABBE6FFC9310B1485AAE44ACB7B5DB75EC09CB50
                                                                                                                            Function 096550A0 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8(g
                                                                                                                            • API String ID: 0-1910857166
                                                                                                                            • Opcode ID: fd21f354c449e29ec270598d19d246be80fe3067b8d61bf91331a4680ec2aa3e
                                                                                                                            • Instruction ID: e3bea6e416d34f2ceda8d91d55928b5cd8f6ab0ff51b88b3da3c60fe2e7d3303
                                                                                                                            • Opcode Fuzzy Hash: fd21f354c449e29ec270598d19d246be80fe3067b8d61bf91331a4680ec2aa3e
                                                                                                                            • Instruction Fuzzy Hash: A7518231A00218DFCB24DFA9D898A9DBBB5FF85310F25816DE906A7351DB70AD45CF40
                                                                                                                            Function 096005F0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: <]
                                                                                                                            • API String ID: 0-3853029611
                                                                                                                            • Opcode ID: 91e89008ea66f6e8355dcc48d7ff46902bd7d80cee8ccc128e4ceae7fca20597
                                                                                                                            • Instruction ID: e0a5f993656d5eed80b254ef9347472fe35729d72996118d6b29ed237e8c1eea
                                                                                                                            • Opcode Fuzzy Hash: 91e89008ea66f6e8355dcc48d7ff46902bd7d80cee8ccc128e4ceae7fca20597
                                                                                                                            • Instruction Fuzzy Hash: 7E419E75B006458FCB09DF65D9A4AAEBBF6FFC5710B10806AE905DB3A0DB34AD01CB90
                                                                                                                            Function 081DAEA0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: c327d57b1e3ebd65a8360ee874c96071c09347bd46e3c078828cb3819232806c
                                                                                                                            • Instruction ID: 4aafba773426991c6aa50f168e9c26364c05ddf83d0628137157d517fccf0f17
                                                                                                                            • Opcode Fuzzy Hash: c327d57b1e3ebd65a8360ee874c96071c09347bd46e3c078828cb3819232806c
                                                                                                                            • Instruction Fuzzy Hash: 2B41AE35B00615CFCB14CF58C080A6AB7F2FF89325B1AC699D466EB351CB34E802CB64
                                                                                                                            Function 0965F32D Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,dg
                                                                                                                            • API String ID: 0-3609127330
                                                                                                                            • Opcode ID: 1928ab3022420126ea367c0bd6f01ae81dddbb5d2deb43dee98205a94c3546aa
                                                                                                                            • Instruction ID: ea97c75095f8bf001b89247e5e9206a49aecc89e80ef3e33fabc36c4f4f06348
                                                                                                                            • Opcode Fuzzy Hash: 1928ab3022420126ea367c0bd6f01ae81dddbb5d2deb43dee98205a94c3546aa
                                                                                                                            • Instruction Fuzzy Hash: E541F674A01204DFDB04DFA4D584A9DB7F6FF48305F108069E906A7360DB72AD46CB51
                                                                                                                            Function 09621E60 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LRjq
                                                                                                                            • API String ID: 0-665714880
                                                                                                                            • Opcode ID: f830a53572202e7b1a963523a49838403843de065b48cb005b5a5f9e3b054d67
                                                                                                                            • Instruction ID: 208b45e261a182cf462498fe66df6520238be0898c830158117a5a9f77a82e7a
                                                                                                                            • Opcode Fuzzy Hash: f830a53572202e7b1a963523a49838403843de065b48cb005b5a5f9e3b054d67
                                                                                                                            • Instruction Fuzzy Hash: 2121FF3530C6268BD7048F2AE854A2A77A6ABC5740F51C12AE5468F3A4DF30DC02CB90
                                                                                                                            Function 0960AD71 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (nq
                                                                                                                            • API String ID: 0-2756854522
                                                                                                                            • Opcode ID: d66017d8c4dd8f65c32cbff513145b01e38d17592f88e0ea74fe522eaeedcf71
                                                                                                                            • Instruction ID: 7214b16a2ea7455bc7c82370db05025265dbe5fa17ffe98f3b8747ac7dcd990b
                                                                                                                            • Opcode Fuzzy Hash: d66017d8c4dd8f65c32cbff513145b01e38d17592f88e0ea74fe522eaeedcf71
                                                                                                                            • Instruction Fuzzy Hash: 47212830B093915FC31A9F38946455A7FF2AFC6310B1980EBD446CF7A2CA398C45C791
                                                                                                                            Function 0962E010 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: p[
                                                                                                                            • API String ID: 0-3093361624
                                                                                                                            • Opcode ID: bbcbaff9304029bab1049884d2c40f43c7d11fae5d894dc6b0a4ccf390f403e5
                                                                                                                            • Instruction ID: 1dac026c357b4eda92811059ea7ec0bb1c072ae309cd80c3a01db0a915485f66
                                                                                                                            • Opcode Fuzzy Hash: bbcbaff9304029bab1049884d2c40f43c7d11fae5d894dc6b0a4ccf390f403e5
                                                                                                                            • Instruction Fuzzy Hash: 23212031A002619F872A8B79E45546E7BEAFFCA321324447EE41AC7740DA369C06CB91
                                                                                                                            Function 096099D2 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: X20
                                                                                                                            • API String ID: 0-2928166904
                                                                                                                            • Opcode ID: b6f7cd7eaa3fb9d7c61abbe477d9f1fc82bdb2982b533302afe9ca2ec40ba5b8
                                                                                                                            • Instruction ID: acf00f8a8bd71c3149a5ee44616054357f90a32f686d3f3ede9211988633ce60
                                                                                                                            • Opcode Fuzzy Hash: b6f7cd7eaa3fb9d7c61abbe477d9f1fc82bdb2982b533302afe9ca2ec40ba5b8
                                                                                                                            • Instruction Fuzzy Hash: C921A134B002145FCB18AF79985566E7BE7EFC9350F10806EF906EB392DE709D058B95
                                                                                                                            Function 09600740 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 042b769384344257c884d03598813c1b88f5ea6a8119599bf022cc0aed9c203e
                                                                                                                            • Instruction ID: 7602e2d7043e368e6e84e9e6a661f92b64c7f78d7faddb5e0970cb51452083b6
                                                                                                                            • Opcode Fuzzy Hash: 042b769384344257c884d03598813c1b88f5ea6a8119599bf022cc0aed9c203e
                                                                                                                            • Instruction Fuzzy Hash: E0219574B401056FCB08EF69A451ABEBBEAEFC5310F108069D105EB395DE719D068BA1
                                                                                                                            Function 0960B5F8 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 6de56fb795820bb96e14731c630bf6bcb37f245bdca8875b048f329cb6fb789c
                                                                                                                            • Instruction ID: aa6cd5688b169ec1f4a9eee7b224b8ff2f6fe3e9bfdd3e82c60269e54c64eb2e
                                                                                                                            • Opcode Fuzzy Hash: 6de56fb795820bb96e14731c630bf6bcb37f245bdca8875b048f329cb6fb789c
                                                                                                                            • Instruction Fuzzy Hash: 19215030B142024FCB19DF78C6E195ABBFAEFD5250715806AD446CB3A5DB74EC02CBA5
                                                                                                                            Function 0960B640 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 1c7d7a197c9f681a1b0f8f5c54e8de5b4cdf9daab365888bd3a2932140239593
                                                                                                                            • Instruction ID: 4d967361cef90e25f0a5024285e12f598953c97d0a644dce49cd534892894756
                                                                                                                            • Opcode Fuzzy Hash: 1c7d7a197c9f681a1b0f8f5c54e8de5b4cdf9daab365888bd3a2932140239593
                                                                                                                            • Instruction Fuzzy Hash: 26116034B102055F8B08DF7DD99196FBBE9EFC5250714806AE94AD7395DA31EC018BA1
                                                                                                                            Function 09609A2F Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: X20
                                                                                                                            • API String ID: 0-2928166904
                                                                                                                            • Opcode ID: 8646ba9f412df2e754800de58739de7af7b57e4ec633b2d10f99b0fe69544c4c
                                                                                                                            • Instruction ID: ce4e4dddbdd6c2916ac6029731fa97b0f5f879a93a496f58d87daf75569585fc
                                                                                                                            • Opcode Fuzzy Hash: 8646ba9f412df2e754800de58739de7af7b57e4ec633b2d10f99b0fe69544c4c
                                                                                                                            • Instruction Fuzzy Hash: 52114F357002046FCB18AF79989466EBBE7EBC9350F10842DF906EB385DE709D059B95
                                                                                                                            Function 0965524A Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8(g
                                                                                                                            • API String ID: 0-1910857166
                                                                                                                            • Opcode ID: 96e001ff62cd65531e245f7c129a5416b58877de8742dc11a9a34aba9b386be3
                                                                                                                            • Instruction ID: 3bbff257d79e886f9c7870050630585c02755b51b3b8e8e20c3360980adecee0
                                                                                                                            • Opcode Fuzzy Hash: 96e001ff62cd65531e245f7c129a5416b58877de8742dc11a9a34aba9b386be3
                                                                                                                            • Instruction Fuzzy Hash: 3D218331B00148DFDB14DFA8D854AADBBB5FB88314F24416DE916A73A1DB715C46CF50
                                                                                                                            Function 096525F4 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: bf7b3c9ad9cbca5ef09ba53bfe6d179913c91398bb5330d62ad4d612c657c3cb
                                                                                                                            • Instruction ID: be209a9b07d804b4f3cfa2895275cdc9fdde780a6344da07e2e72bd94216e11f
                                                                                                                            • Opcode Fuzzy Hash: bf7b3c9ad9cbca5ef09ba53bfe6d179913c91398bb5330d62ad4d612c657c3cb
                                                                                                                            • Instruction Fuzzy Hash: EE21F870E002099FDB44DFA8E5556AEBBF2FF88300F208069D816A7394DB759D45CF60
                                                                                                                            Function 09600750 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 1c6d85bd40c110a80736602828224d47461b14ccbcd222c2953ec069af7b7250
                                                                                                                            • Instruction ID: c98270e27fbca06fc79dcd0e9b494e1207edc3714e554922d6cb33a089afd3fc
                                                                                                                            • Opcode Fuzzy Hash: 1c6d85bd40c110a80736602828224d47461b14ccbcd222c2953ec069af7b7250
                                                                                                                            • Instruction Fuzzy Hash: 23117574B001056BCB18EF69E851AAEBBEAEFC5210F108069E105AB394DE71AD058BA5
                                                                                                                            Function 09609A40 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: X20
                                                                                                                            • API String ID: 0-2928166904
                                                                                                                            • Opcode ID: 4a71d10b8268743bb9067a250ac94dfb94e44a46ae1ce4f11f49480639ce57d8
                                                                                                                            • Instruction ID: dfd7d0d40c0492b2653d9f3de66af8a83b80c485e3cbaeefbed4838288f78a4d
                                                                                                                            • Opcode Fuzzy Hash: 4a71d10b8268743bb9067a250ac94dfb94e44a46ae1ce4f11f49480639ce57d8
                                                                                                                            • Instruction Fuzzy Hash: 37118235B001045FCB18AFB9985467E7BEBEBC9350F108029F906EB381DE709D055B95
                                                                                                                            Function 0965E150 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (_jq
                                                                                                                            • API String ID: 0-2603807687
                                                                                                                            • Opcode ID: 1fdf185f953e86c0c209b2a269779bc214747b850b81e223badbc0172dada418
                                                                                                                            • Instruction ID: fd793a1785e826b5bb33c69d9db5ca7b1a625b2355ee24ffc5818f3b0db532bb
                                                                                                                            • Opcode Fuzzy Hash: 1fdf185f953e86c0c209b2a269779bc214747b850b81e223badbc0172dada418
                                                                                                                            • Instruction Fuzzy Hash: 0B118E363101649FCF055FB8E41899DBFE6EB88321B058866F50AC7B61CE76D811DB45
                                                                                                                            Function 0960A358 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 31009ba3c55b8b38f3acc186a89e960d8601e5f745efd20b4a4e3ae958b246e4
                                                                                                                            • Instruction ID: 1f48a9575af8638aac112546730ffc9155b5a634420d95d3182c7830d174a7cd
                                                                                                                            • Opcode Fuzzy Hash: 31009ba3c55b8b38f3acc186a89e960d8601e5f745efd20b4a4e3ae958b246e4
                                                                                                                            • Instruction Fuzzy Hash: E311A934B002154F8B18CF6D94E95AFBBEAEFC8350714806AE809DB389DF31DC0587A1
                                                                                                                            Function 09655B56 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .\e
                                                                                                                            • API String ID: 0-1700394883
                                                                                                                            • Opcode ID: 6c75cdc984785539998cf4416ec2397f300f5f1777d25413a93ee37aa684df2b
                                                                                                                            • Instruction ID: 322b19329cf6d43b6ce9b12d7cf11984e299f1e706d3659705f3d0dee5f9018f
                                                                                                                            • Opcode Fuzzy Hash: 6c75cdc984785539998cf4416ec2397f300f5f1777d25413a93ee37aa684df2b
                                                                                                                            • Instruction Fuzzy Hash: 57217F75E042488FCB15DFB4C968ADDBFF1AF4A310F1444AAE842BB3A1DB359941CB61
                                                                                                                            Function 088CCFD0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: p0
                                                                                                                            • API String ID: 0-1047085492
                                                                                                                            • Opcode ID: 0541f3d234e34390b404a7b527fb15c6642c5b2d8167ffc0c92f89c532298544
                                                                                                                            • Instruction ID: 1fd54dad396da209e8685653f8012f1b0e66c4f9936c57632e4e557fb167559d
                                                                                                                            • Opcode Fuzzy Hash: 0541f3d234e34390b404a7b527fb15c6642c5b2d8167ffc0c92f89c532298544
                                                                                                                            • Instruction Fuzzy Hash: 7C012A343007409FC364AA6AA85472A7BEBFBC4215F10086DE15787B84CEB1E84A9B51
                                                                                                                            Function 0962D7B0 Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: D
                                                                                                                            • API String ID: 0-167290425
                                                                                                                            • Opcode ID: b8123261974c6864375926656e9675522c83ac8c9467847d04d378c28fba7522
                                                                                                                            • Instruction ID: 1458aa258720501404494fdcc3161a81bbcbd2b591020f1951f30a5a3d7db185
                                                                                                                            • Opcode Fuzzy Hash: b8123261974c6864375926656e9675522c83ac8c9467847d04d378c28fba7522
                                                                                                                            • Instruction Fuzzy Hash: B001D43AB056505FC7158F19E4A896EBBEAEFC4320325805AF806CB359CF78CC06CB91
                                                                                                                            Function 096036DE Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: u7`
                                                                                                                            • API String ID: 0-1084272548
                                                                                                                            • Opcode ID: 8e874432dd6526bf98ade3a1f3bd80b3e043509c9dec08a2305a462e118387dc
                                                                                                                            • Instruction ID: 1dd625ea863212b9f52d9455f28433e36d9abf6f6785bdcbd6b383ca57df4de9
                                                                                                                            • Opcode Fuzzy Hash: 8e874432dd6526bf98ade3a1f3bd80b3e043509c9dec08a2305a462e118387dc
                                                                                                                            • Instruction Fuzzy Hash: 46119135A042198FDB08DFA9C994DDEBBF1AF8D310F048069E405BB351D775AD40CBA0
                                                                                                                            Function 02BD7E3D Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02BD7E8E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229402484.0000000002BD7000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD7000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2bd7000_WCDVlB5SDr.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                            • Instruction ID: 59ca6c051818cbb549cf66a077fffbf1fe82c0e13a3fa9266c7a7958bdd75557
                                                                                                                            • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                            • Instruction Fuzzy Hash: 94110D79A00208EFDB01DF98C985E99BBF5AF08751F158094F9489B361E771EA50DF90
                                                                                                                            Function 09655B94 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .\e
                                                                                                                            • API String ID: 0-1700394883
                                                                                                                            • Opcode ID: 8129cb8ba7860c9306792d9d351d4e34aad9d8b9268ffa39ba9e855dc4b3bf6f
                                                                                                                            • Instruction ID: fdc4da8aeb41e30d07e189c75ddc8e2883997528daa6477038f18fb62c36b34c
                                                                                                                            • Opcode Fuzzy Hash: 8129cb8ba7860c9306792d9d351d4e34aad9d8b9268ffa39ba9e855dc4b3bf6f
                                                                                                                            • Instruction Fuzzy Hash: 30112A75D002198FDB18DFA5C958AEDBBF2BF48300F148469E802BB350DB759D40CBA4
                                                                                                                            Function 09655B98 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .\e
                                                                                                                            • API String ID: 0-1700394883
                                                                                                                            • Opcode ID: 93e7c7fc3d4bb13a9dcde15a7f64c60f5113196564da3db449ec7bcc5f779d0c
                                                                                                                            • Instruction ID: 6dc901e768ab6632850b6809aff5c292c057c113a17178aea8b20e13dd4b6b68
                                                                                                                            • Opcode Fuzzy Hash: 93e7c7fc3d4bb13a9dcde15a7f64c60f5113196564da3db449ec7bcc5f779d0c
                                                                                                                            • Instruction Fuzzy Hash: 6F110975E042598FDB18DFA9C958AEDBBF2AF4C300F148469E802BB350DB759D40CBA4
                                                                                                                            Function 09651AD8 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq
                                                                                                                            • API String ID: 0-3676250632
                                                                                                                            • Opcode ID: 5629fc8f3ff6dcefdc6d180ccda58eed2750a6e7a9dd8999b4c0c80fad799388
                                                                                                                            • Instruction ID: eaeb5c7508207f832ae647ccb758a53d5dc706e34c87ed7dd95256dd6957fca0
                                                                                                                            • Opcode Fuzzy Hash: 5629fc8f3ff6dcefdc6d180ccda58eed2750a6e7a9dd8999b4c0c80fad799388
                                                                                                                            • Instruction Fuzzy Hash: CC0156302446458FC715DF28E95099ABFEEFF80310B008A7994458BA69D7B4ED09CB90
                                                                                                                            Function 0962BCD0 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: d43107676da3d564be96264f359ee77d6d4c5022a9faf9cec39c333d706a5f48
                                                                                                                            • Instruction ID: 82450442187fc47ff8024efff0fec91691aafc352c48e21bc44eee9838fa8e8d
                                                                                                                            • Opcode Fuzzy Hash: d43107676da3d564be96264f359ee77d6d4c5022a9faf9cec39c333d706a5f48
                                                                                                                            • Instruction Fuzzy Hash: D3016235B001249B8B14DBBDE81559EBBF9EFC9211B04816AE81AD3350EB30E9058BD1
                                                                                                                            Function 09655027 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8!g
                                                                                                                            • API String ID: 0-2117363265
                                                                                                                            • Opcode ID: 28b4f07ed02c143c08cbe7995d9683e6477604a9af0b43df3a48b0ecabe5aa3e
                                                                                                                            • Instruction ID: 8531d92293e740e651c34d641998c38b5d4bd9546ddc570619ac69b7e028b844
                                                                                                                            • Opcode Fuzzy Hash: 28b4f07ed02c143c08cbe7995d9683e6477604a9af0b43df3a48b0ecabe5aa3e
                                                                                                                            • Instruction Fuzzy Hash: 87018C31A007059FCB10DF69E88488AFBF5FF89314B10866ED45A97711E770A90ACB90
                                                                                                                            Function 081DB638 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq
                                                                                                                            • API String ID: 0-3676250632
                                                                                                                            • Opcode ID: 974f3ce6d5cbc3c6a757b7365bad4ead3588b32d3015f1b3d134a8ac6079aaa6
                                                                                                                            • Instruction ID: f56b713a150ef53a01b15b39c714488251cb486ee4ae65c3c7ba8c8b80142b76
                                                                                                                            • Opcode Fuzzy Hash: 974f3ce6d5cbc3c6a757b7365bad4ead3588b32d3015f1b3d134a8ac6079aaa6
                                                                                                                            • Instruction Fuzzy Hash: 0301D6303402004FC6599B2CF8609AE7BEBDFC62113550569D44A8B765EE24AD0A87B1
                                                                                                                            Function 09609AF8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: c39017cf510041d7f2869e609769424dee3bdcf5c4627ae6f6703bbf6d8492f7
                                                                                                                            • Instruction ID: 38cef88d2afe76bc4b299b831055dde36a8f359adb43a893a9c1219079f75f22
                                                                                                                            • Opcode Fuzzy Hash: c39017cf510041d7f2869e609769424dee3bdcf5c4627ae6f6703bbf6d8492f7
                                                                                                                            • Instruction Fuzzy Hash: A6F054317482241F87189AAD68955BBBBEADFCA260314816BD10EDB362DA619C0287A1
                                                                                                                            Function 09655038 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8!g
                                                                                                                            • API String ID: 0-2117363265
                                                                                                                            • Opcode ID: cce0c4916609b5ace302c182e2ba07ffdb69f1357a9ab8d09c55bb1e49120889
                                                                                                                            • Instruction ID: 1dd6356f3b61f44eb2022c451ba39ad021a6c79a482a2d3fed45a8c95708f4ca
                                                                                                                            • Opcode Fuzzy Hash: cce0c4916609b5ace302c182e2ba07ffdb69f1357a9ab8d09c55bb1e49120889
                                                                                                                            • Instruction Fuzzy Hash: F2011D71A007099F8710EF69E88088AFBF9FF89250B00C66AD55997714EB70F959CBD0
                                                                                                                            Function 096593A4 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LUg
                                                                                                                            • API String ID: 0-3381760262
                                                                                                                            • Opcode ID: eb48757b76fe9b817ed74d426bc66e977fa1b32f89d13998d89e3d7edc492c39
                                                                                                                            • Instruction ID: 9d450c63f7b8e79f0ac13947a6943ab798c1e43dccf9ef8532aee190735eb841
                                                                                                                            • Opcode Fuzzy Hash: eb48757b76fe9b817ed74d426bc66e977fa1b32f89d13998d89e3d7edc492c39
                                                                                                                            • Instruction Fuzzy Hash: FB01E871640B049FC324DF2AD984957FBF9EF88310B048A2AE44AC7675DB71F849CB94
                                                                                                                            Function 0960C370 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: za
                                                                                                                            • API String ID: 0-1996689074
                                                                                                                            • Opcode ID: bc6e8cf319f3ab8f351976383e1b71afff8e98faeb5966d2385a2c3e95b1c509
                                                                                                                            • Instruction ID: 198ea8ae0f251d1c202eba46b8dcfa5c9538541eff0ddd1e108a99447aa208b7
                                                                                                                            • Opcode Fuzzy Hash: bc6e8cf319f3ab8f351976383e1b71afff8e98faeb5966d2385a2c3e95b1c509
                                                                                                                            • Instruction Fuzzy Hash: 85F0F6316043415FC319DF6ABD5086ABFAAFFC1210B54857AD00A87665CFB55D0D8B60
                                                                                                                            Function 088C2BBF Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: v0
                                                                                                                            • API String ID: 0-3719928771
                                                                                                                            • Opcode ID: 7f6c16fcc50f42b9b01cd914db5eb0d305b1bff057f089982bd169ebb4eb2015
                                                                                                                            • Instruction ID: 78ce580118e7ee010a488d3dca63720c561a0813c6c5573d73540993e53d7854
                                                                                                                            • Opcode Fuzzy Hash: 7f6c16fcc50f42b9b01cd914db5eb0d305b1bff057f089982bd169ebb4eb2015
                                                                                                                            • Instruction Fuzzy Hash: 58F054312052806FC7095B79B86869A7FEEEFC6310F1441EFE15AC7691CA6558058B72
                                                                                                                            Function 096572C0 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2625405595
                                                                                                                            • Opcode ID: b18c688330a743690d4145c550f4d109b031ae931e3648c64ae6ec47e692ba28
                                                                                                                            • Instruction ID: 9473888727b3c3fba35ec9956d25a15f1310c2082dce7029bccc6d5a7cf9b752
                                                                                                                            • Opcode Fuzzy Hash: b18c688330a743690d4145c550f4d109b031ae931e3648c64ae6ec47e692ba28
                                                                                                                            • Instruction Fuzzy Hash: 43F08231B043485FCB05AE68ACA09AEBF69EFC6220F00856BF80697261DE758C15D7A1
                                                                                                                            Function 09609B08 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xx0
                                                                                                                            • API String ID: 0-1941430480
                                                                                                                            • Opcode ID: 2be3e2494220d9506e4d933739c06b6770671c9fc207ab4e94c379b607166d51
                                                                                                                            • Instruction ID: 68c70a79deecdfd6e12c092074d97fcb37e32325069f01327ce5489899f09cb6
                                                                                                                            • Opcode Fuzzy Hash: 2be3e2494220d9506e4d933739c06b6770671c9fc207ab4e94c379b607166d51
                                                                                                                            • Instruction Fuzzy Hash: 5FE09A317041281B4A189AAE5C9193FABDFDBC92A0354802AE50ED7386DEA1EC0242E1
                                                                                                                            Function 088C2D40 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq
                                                                                                                            • API String ID: 0-3676250632
                                                                                                                            • Opcode ID: 43a2938838fe11452ddcb398aa20ab383f0d2a73c5ad660fde737e3fe6fa2ad2
                                                                                                                            • Instruction ID: 47d0c16add2480d1f84818d4a373ac56880892704d4eed91060fe369f07e236b
                                                                                                                            • Opcode Fuzzy Hash: 43a2938838fe11452ddcb398aa20ab383f0d2a73c5ad660fde737e3fe6fa2ad2
                                                                                                                            • Instruction Fuzzy Hash: 25F02430A01249AFCB08EFA9E95559DBFB9EF84300F2045AA9455A7259EA305A04CF51
                                                                                                                            Function 09622EF0 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (n\
                                                                                                                            • API String ID: 0-1767445531
                                                                                                                            • Opcode ID: b242fbc79a398b6117d334808ddfa67b35d971e9a7a6c1515929bd9a0ae90f08
                                                                                                                            • Instruction ID: ab7a8a70742165cd2c1a1d51d44b3d1947208d4c507a07f679acfcfda9de284d
                                                                                                                            • Opcode Fuzzy Hash: b242fbc79a398b6117d334808ddfa67b35d971e9a7a6c1515929bd9a0ae90f08
                                                                                                                            • Instruction Fuzzy Hash: 6AE030312005155BC204EA5AE851A5AB79AEFC0361F548939E01987758DF74ED458BD1
                                                                                                                            Function 081D0C10 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'jq
                                                                                                                            • API String ID: 0-3676250632
                                                                                                                            • Opcode ID: c4c972119d6db8a161025b0eaf1dad6118788572a4598d8764955911b4c9e719
                                                                                                                            • Instruction ID: d3488c682a787ed1acb632ba07ca07abcd1cd08706527849c3c9b49724c07d69
                                                                                                                            • Opcode Fuzzy Hash: c4c972119d6db8a161025b0eaf1dad6118788572a4598d8764955911b4c9e719
                                                                                                                            • Instruction Fuzzy Hash: D0D0A7311463606FC70A1F28B8104C93FF6EF6B32170516DED0C697562CB280D0F87A5
                                                                                                                            Function 088C72E0 Relevance: 1.3, Strings: 1, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: \%0
                                                                                                                            • API String ID: 0-948135258
                                                                                                                            • Opcode ID: 1166f1b2995d111973c1b08139d2a222220ff50b06767e3d8851d42c33a85770
                                                                                                                            • Instruction ID: e84e4dd9704d0e43f4dcd8a4cc764e6ce33db5e363eba1596575a52a450828ea
                                                                                                                            • Opcode Fuzzy Hash: 1166f1b2995d111973c1b08139d2a222220ff50b06767e3d8851d42c33a85770
                                                                                                                            • Instruction Fuzzy Hash: 0DD0A7717003202BC740AE4C707821BAADBCBC8321F2880ABE514CF3C4DDB04C054FA9
                                                                                                                            Function 088CADF0 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: k9Y!0
                                                                                                                            • API String ID: 0-1825060378
                                                                                                                            • Opcode ID: eb155fef10058b4000fe6e66104acbbee7b2e479ded1ac0c82bbb329a4812d05
                                                                                                                            • Instruction ID: 1ce493173f261b7e608f6523da81fd711dd3281e3cd2e1f7bb6e9baad5e5a6fe
                                                                                                                            • Opcode Fuzzy Hash: eb155fef10058b4000fe6e66104acbbee7b2e479ded1ac0c82bbb329a4812d05
                                                                                                                            • Instruction Fuzzy Hash: A5D01272A442186F4B05EAFD54504DE7FDDDA84570F10456FD509E7241ED715A4042D9
                                                                                                                            Function 08A63838 Relevance: .7, Instructions: 734COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 928fc9029f626152ec82d6eda79305a871cf2f56963ac135d065f3f7c272d34f
                                                                                                                            • Instruction ID: 62ebe7fec77f8e2b28e85f0888eb3ae80f59c624c20c519d21f40a3e789de4fb
                                                                                                                            • Opcode Fuzzy Hash: 928fc9029f626152ec82d6eda79305a871cf2f56963ac135d065f3f7c272d34f
                                                                                                                            • Instruction Fuzzy Hash: 33522734B402149FDB04CF68C994EAEBBB6FF88704F158099E60ADB3A5DA75EC45CB50
                                                                                                                            Function 08A600D8 Relevance: .7, Instructions: 676COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 09064d6a22ae653b25a0bc5c287bbc6ca0e3fdb835bccd7ef4a10b9cf5ecaae8
                                                                                                                            • Instruction ID: 3f37c749baaca92900c0908a11894760c460cafe94ccfe221d3408c324c64b6b
                                                                                                                            • Opcode Fuzzy Hash: 09064d6a22ae653b25a0bc5c287bbc6ca0e3fdb835bccd7ef4a10b9cf5ecaae8
                                                                                                                            • Instruction Fuzzy Hash: D042A9307406149FCB24AFB8A44462EBBB6FF85710F014A6CD543AB7A5CF79ED098B91
                                                                                                                            Function 0965EB08 Relevance: .5, Instructions: 514COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 22a0ca76acb8beb9f6d536d2439d1f84652ec3af086df298f6cf45d17629bd3f
                                                                                                                            • Instruction ID: 496ab3644ad0a733ba4db3c8b24a6271b9576b669b8188fa94f5f044e5a56fc0
                                                                                                                            • Opcode Fuzzy Hash: 22a0ca76acb8beb9f6d536d2439d1f84652ec3af086df298f6cf45d17629bd3f
                                                                                                                            • Instruction Fuzzy Hash: 77129A34B00244AFCB15DF68D494A6EBBB2FF89310F1585AAE806DB3A1DB35ED41CB51
                                                                                                                            Function 081DC032 Relevance: .5, Instructions: 499COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2760ee4adbfb18ec4eaa6d4f311455f6fa3682a83b61f82c616ae5087ae3640e
                                                                                                                            • Instruction ID: 8798a3cc84da5518b348040f12caa8714b822025c4b9798c91e2d501c2566590
                                                                                                                            • Opcode Fuzzy Hash: 2760ee4adbfb18ec4eaa6d4f311455f6fa3682a83b61f82c616ae5087ae3640e
                                                                                                                            • Instruction Fuzzy Hash: EA121574700601CFCB14DF69D988A6ABBF6FF89305B1584A9E406CB366DB35EC45CBA0
                                                                                                                            Function 09659638 Relevance: .4, Instructions: 409COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1d4a646fda41161b436db87c1fc2df02a4c4cbe0572eea955b4636b09ed0dcd3
                                                                                                                            • Instruction ID: 897f4a876e731ce50b8fc4c618136d0b2d4cdb12e2630095ed26666635ec9d6b
                                                                                                                            • Opcode Fuzzy Hash: 1d4a646fda41161b436db87c1fc2df02a4c4cbe0572eea955b4636b09ed0dcd3
                                                                                                                            • Instruction Fuzzy Hash: 08F13934A00249DFCB18DFA8E454AAEBBF2FF88310F5544A9E806AB395DB35DC45CB51
                                                                                                                            Function 09600C30 Relevance: .4, Instructions: 376COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 68440c3ea9d9eee19323f76c3406f27f517d8d64021e7154a6b916324e1c37c8
                                                                                                                            • Instruction ID: ffc46055c662a359966c8a7f899c441d788b8e28843e7ce3ca448c04fc8d737d
                                                                                                                            • Opcode Fuzzy Hash: 68440c3ea9d9eee19323f76c3406f27f517d8d64021e7154a6b916324e1c37c8
                                                                                                                            • Instruction Fuzzy Hash: 5FD1D535B092508FD71DCF28D4A4B6BBBE6EFC5360B1480AAE805DB395DA32DC42C791
                                                                                                                            Function 0968A6C8 Relevance: .4, Instructions: 361COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfefb7dac20534a24f93b3ecaaeea36d7eeb0b8f74639169bd35972172365a04
                                                                                                                            • Instruction ID: b74ff533722e2c9b5e707111d02341312520eea363a6fd4e40d902a8e3d81853
                                                                                                                            • Opcode Fuzzy Hash: bfefb7dac20534a24f93b3ecaaeea36d7eeb0b8f74639169bd35972172365a04
                                                                                                                            • Instruction Fuzzy Hash: 5CF12A74D00218DFCB58DFA4E954A9EBBB2FF4A301F2081A9D509AB361DB35AD85CF50
                                                                                                                            Function 08A600B9 Relevance: .3, Instructions: 337COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e8910f49302fac148563550a2585493b1523cd4fbfb2a14892ae3547faa1f36
                                                                                                                            • Instruction ID: 748eb0010f53f5ce62aa3e98b222909dec955e6f6ebf0231766202c4f829f4bc
                                                                                                                            • Opcode Fuzzy Hash: 9e8910f49302fac148563550a2585493b1523cd4fbfb2a14892ae3547faa1f36
                                                                                                                            • Instruction Fuzzy Hash: 78C160347006049FEB049B68C859B2E7AB6EF89711F108069E603AB7A5CBB9DC55CB91
                                                                                                                            Function 09607000 Relevance: .3, Instructions: 329COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 64dfc618db0ea95a6e4d2ae204115c0795cbe2464f785aa58d397b7e988e3d45
                                                                                                                            • Instruction ID: 86443dd8fe768f12114ac7ed3ba010273bae0eb250e3e7ece7a3084ac0e640de
                                                                                                                            • Opcode Fuzzy Hash: 64dfc618db0ea95a6e4d2ae204115c0795cbe2464f785aa58d397b7e988e3d45
                                                                                                                            • Instruction Fuzzy Hash: 2FD19070A002059FCB18DF65E894AAEBBF6FF84310F148969D4069B795DB34ED49CBA0
                                                                                                                            Function 09620669 Relevance: .3, Instructions: 299COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cc7784abb71062ba1296f6175c8e99ac3963601c184ec3583ff0faffbcddd1d2
                                                                                                                            • Instruction ID: 10f6756203bcf1294781b8de767f892848b9c6080ab7ce1a302f57881534f3f4
                                                                                                                            • Opcode Fuzzy Hash: cc7784abb71062ba1296f6175c8e99ac3963601c184ec3583ff0faffbcddd1d2
                                                                                                                            • Instruction Fuzzy Hash: 5BD14A74A00259CFCB28DF75D858BAD7BB2BF88301F1084A9E50AA73A0DB319D85DF51
                                                                                                                            Function 088CF348 Relevance: .3, Instructions: 282COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d122256f9d03eafd189eaaa571407e8151e2a586c3b388c24f9671bb130200f
                                                                                                                            • Instruction ID: 963365f8f83b6ba08afca7f523f412762596b9563d3aeafbd3dc633c185b0999
                                                                                                                            • Opcode Fuzzy Hash: 4d122256f9d03eafd189eaaa571407e8151e2a586c3b388c24f9671bb130200f
                                                                                                                            • Instruction Fuzzy Hash: 8BA1AD34B002419FDB14DF68D898A6A7BB6FF88301F1540AEE906DB7A6DE74DC02CB51
                                                                                                                            Function 09659C70 Relevance: .3, Instructions: 252COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a05bdae17adc5c93cb32253dae18f4ddea23c0772bd4e64097cfea0ccf260667
                                                                                                                            • Instruction ID: 5a441b09cded3da2e177829c4f4e1a341553896d247dc1696483557a5273fcf2
                                                                                                                            • Opcode Fuzzy Hash: a05bdae17adc5c93cb32253dae18f4ddea23c0772bd4e64097cfea0ccf260667
                                                                                                                            • Instruction Fuzzy Hash: C5918B34B00644DFCB09DF68D49495DBBF6EF89310B6581AAE81ADB3B6CA74EC41CB50
                                                                                                                            Function 081D1C82 Relevance: .2, Instructions: 239COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cb55376e2e509609a961012d5f6659001510feead7b4907e182de802f26fa0b6
                                                                                                                            • Instruction ID: 52da771511be102f6bbfb557733b5736bfeed1b42f7db8b52b896c788af7716d
                                                                                                                            • Opcode Fuzzy Hash: cb55376e2e509609a961012d5f6659001510feead7b4907e182de802f26fa0b6
                                                                                                                            • Instruction Fuzzy Hash: 83A15C746002019FC705DF28E584D59BBF6FF89310B1589A8D44A9B7B6CB34ED4ACFA0
                                                                                                                            Function 081D1C90 Relevance: .2, Instructions: 230COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0cf002f8a5102142123fdbc82534383c4dbd3f08b322594c771f6f7eff4af9c8
                                                                                                                            • Instruction ID: f216fe5a7db250fdb7e20d8f57b9c1291e1c775bc280f7683b45fff8ea16e113
                                                                                                                            • Opcode Fuzzy Hash: 0cf002f8a5102142123fdbc82534383c4dbd3f08b322594c771f6f7eff4af9c8
                                                                                                                            • Instruction Fuzzy Hash: 6AA14C746006019FC705DF28E584D59BBF6FF89310B1189A8D44A9B7B6DB34ED4ACFA0
                                                                                                                            Function 09602E98 Relevance: .2, Instructions: 221COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f7e4af77744953a1e48a0929bed87f574e8d9fd01c5fd7b62ddd586db60b192
                                                                                                                            • Instruction ID: f40ce8c647e86a7c7964dfafda85069d0b75dee88db3bea834de01c5c8dce68c
                                                                                                                            • Opcode Fuzzy Hash: 1f7e4af77744953a1e48a0929bed87f574e8d9fd01c5fd7b62ddd586db60b192
                                                                                                                            • Instruction Fuzzy Hash: 2C916734A022449FCB14DF69D4A8A6EBBF2FF88300B108969E81AD7791CB35EC45CF51
                                                                                                                            Function 096866E8 Relevance: .2, Instructions: 194COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 469a10f61e8bc0126f3e81697efefd9f33902c35303436389e085fcf87f02220
                                                                                                                            • Instruction ID: 18e9094ad66b7101cb34cbf693ace8d9c50d834ec9c90f6e88888334a9cbe8fc
                                                                                                                            • Opcode Fuzzy Hash: 469a10f61e8bc0126f3e81697efefd9f33902c35303436389e085fcf87f02220
                                                                                                                            • Instruction Fuzzy Hash: 6D71C731A003499FCB14EF74D859BAEBBBAFF85300F10866AE555A7390DB70A944CB91
                                                                                                                            Function 088CD700 Relevance: .2, Instructions: 191COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 761cb2a2a6fb42e8f46f5103a6d6ad0d20e9f753e8c20b8734b7e8ea2dc6fc46
                                                                                                                            • Instruction ID: e72dcd0d8d634ad12de4f07922aad0f90953cfb4d018f3841f1e5a92fb92a09c
                                                                                                                            • Opcode Fuzzy Hash: 761cb2a2a6fb42e8f46f5103a6d6ad0d20e9f753e8c20b8734b7e8ea2dc6fc46
                                                                                                                            • Instruction Fuzzy Hash: F4714870E002498FDB14DFA9D4546AEBBF6BFC8300F24852AE805EB794DB709C46CB91
                                                                                                                            Function 0965952C Relevance: .2, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b748bc68b7123ff56003729dc15c3de57bb19029651008bc808c8f51ddfa173b
                                                                                                                            • Instruction ID: 1b53608ad53e833604b50e16b88f243b2e3f5daeeca750f5422c0bf4952bc468
                                                                                                                            • Opcode Fuzzy Hash: b748bc68b7123ff56003729dc15c3de57bb19029651008bc808c8f51ddfa173b
                                                                                                                            • Instruction Fuzzy Hash: 86517B35B007049FCB249F79D88496EBBF6BF89310B148A6DE846C7765DB30EC068B51
                                                                                                                            Function 09658616 Relevance: .2, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d019add37b4ed75ea0350a2dd49bcba49168a8c04bb91754346833e2afb8f064
                                                                                                                            • Instruction ID: 5159b5b20db6a5a55ec4ba10468ec6e0b4e862166c7f957e9481c287c5f93795
                                                                                                                            • Opcode Fuzzy Hash: d019add37b4ed75ea0350a2dd49bcba49168a8c04bb91754346833e2afb8f064
                                                                                                                            • Instruction Fuzzy Hash: 61810F34E00209CFDB24EFB4D458AADBBB2FF49305F148569E816AB761DB309985CF81
                                                                                                                            Function 09607288 Relevance: .2, Instructions: 182COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0830100f11a3ca12c201bdb3867342b0e2bd93294478f5eab12ac14bc8cf1a24
                                                                                                                            • Instruction ID: efe5c6b3e9c5f6ae0ce0875d5c7ffb5944a9ec2cb6cb984565421ff9b0c9ded4
                                                                                                                            • Opcode Fuzzy Hash: 0830100f11a3ca12c201bdb3867342b0e2bd93294478f5eab12ac14bc8cf1a24
                                                                                                                            • Instruction Fuzzy Hash: 5A714B70A002059FDB18DF69E8D4A6EBBF6FF84310F148A68D4059B795DB34ED49CBA0
                                                                                                                            Function 081DB6BF Relevance: .2, Instructions: 180COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0e4c470f556db9df431d8759c49b31d2507fe11659685b846e4b28475663f548
                                                                                                                            • Instruction ID: 181d99ef547f24138f0b316813a87232d056992ef81c6e396ea001d03a0de8e7
                                                                                                                            • Opcode Fuzzy Hash: 0e4c470f556db9df431d8759c49b31d2507fe11659685b846e4b28475663f548
                                                                                                                            • Instruction Fuzzy Hash: 74616C74F042158FCB14DF69D954AAEBBF6AF88311B15816ED806EB365DB34DC02CBA0
                                                                                                                            Function 0960D1C8 Relevance: .2, Instructions: 176COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b3b8d6d0a4a15931503f6f53479d0cf236c76ee832990cc643c3bd8d23e3a5df
                                                                                                                            • Instruction ID: 417a8b49ac046d06ef9ac561e749e0bf48b2901a1832f7ef82d98a10934066a7
                                                                                                                            • Opcode Fuzzy Hash: b3b8d6d0a4a15931503f6f53479d0cf236c76ee832990cc643c3bd8d23e3a5df
                                                                                                                            • Instruction Fuzzy Hash: 8A715131E0070ACFCB14EFA8D560599FBB1FF85310F15875AE559A7260EB31EA85CB80
                                                                                                                            Function 09659628 Relevance: .2, Instructions: 165COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 136507f8725231bc8c83f0fd77908c766941f5902e1acf7691a75e29901a880e
                                                                                                                            • Instruction ID: b3bbe7c1ff53848be366b278a06b17c4c39279f24553133815d6b51ad755f04d
                                                                                                                            • Opcode Fuzzy Hash: 136507f8725231bc8c83f0fd77908c766941f5902e1acf7691a75e29901a880e
                                                                                                                            • Instruction Fuzzy Hash: 8C711934A00209DFDB18DF64E588A9DBBB2FF48310F4444A9E806AB3A1DB74EC85CF51
                                                                                                                            Function 0960F158 Relevance: .2, Instructions: 163COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a939cbb146c2789d3abfb8dde61c551cbed89c2efa9ff73f13b9129de8c68ac9
                                                                                                                            • Instruction ID: bc1584e685a494d51a56e8eb542f82c901d989615b2d15c11572f1164bf2faff
                                                                                                                            • Opcode Fuzzy Hash: a939cbb146c2789d3abfb8dde61c551cbed89c2efa9ff73f13b9129de8c68ac9
                                                                                                                            • Instruction Fuzzy Hash: 4D51D130A002559FCB29DFB8A4696AE7BA5FBC5310F1085A9E419D7784EF309D0A8B91
                                                                                                                            Function 081DF4D8 Relevance: .2, Instructions: 162COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3944f71d6d674d9affb5f1dff95f1b7e64602e1527e6ab462202a6a2aad28451
                                                                                                                            • Instruction ID: 88c6ec82824d088e007575dda2ff42fb0090179e99681fd002c3d6561ec84e67
                                                                                                                            • Opcode Fuzzy Hash: 3944f71d6d674d9affb5f1dff95f1b7e64602e1527e6ab462202a6a2aad28451
                                                                                                                            • Instruction Fuzzy Hash: D161CFB0D003189FDB14CFA9D884BDEBBB5BF48300F14952AD41AAB2A4DB745986CF50
                                                                                                                            Function 081DF4CD Relevance: .2, Instructions: 160COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 80f11b864b8b1e785ec8ecf8c25054540eddba4bfe57b0c4ec55c640d8943919
                                                                                                                            • Instruction ID: d6b6f9641d3271e9efb0f9f786d80b884e56d466916c3c5987cc3c2019fecd0b
                                                                                                                            • Opcode Fuzzy Hash: 80f11b864b8b1e785ec8ecf8c25054540eddba4bfe57b0c4ec55c640d8943919
                                                                                                                            • Instruction Fuzzy Hash: 6161EFB0D003189FDF14CFA9D884BDEBBB1BF48304F14952AD41AAB2A4DB745A86CF50
                                                                                                                            Function 0965D800 Relevance: .2, Instructions: 155COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cec834e344e662b4e0b1a27bca65c343ea45f49ff7a54dc30d49a94b1e71cd06
                                                                                                                            • Instruction ID: eb4d42e2f0522cfe5ec2a0ebe9536edd635a733d5966b3542a3ceabc09ff934b
                                                                                                                            • Opcode Fuzzy Hash: cec834e344e662b4e0b1a27bca65c343ea45f49ff7a54dc30d49a94b1e71cd06
                                                                                                                            • Instruction Fuzzy Hash: 3251F431B042455FCB01EF79D8546AFBFA6EF85310F11816AE809DB381EA30D905C7A5
                                                                                                                            Function 08A634D8 Relevance: .1, Instructions: 143COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5345d4697c7f849d64e820a24fe9fbd71dc99328ed2019b2d8cb1ed62c7ed00f
                                                                                                                            • Instruction ID: e9b7ba8926672ca2c2e820b08c33f02ac34e50b6d41cf7fff22c979ca726466d
                                                                                                                            • Opcode Fuzzy Hash: 5345d4697c7f849d64e820a24fe9fbd71dc99328ed2019b2d8cb1ed62c7ed00f
                                                                                                                            • Instruction Fuzzy Hash: 5D514635B401189FCB14CF69C884AAEBBF6FF88314F1180A9E905AB365DB70EC05CB50
                                                                                                                            Function 081D6A18 Relevance: .1, Instructions: 142COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f5aa137fdccac31b7c928e74addb8f5f36694d1dddb5640bcd7c792130676c6
                                                                                                                            • Instruction ID: e1bd553d875311b02d9bfeeafa7b2db5dcc3b9f98d836579e3681beced4f50b6
                                                                                                                            • Opcode Fuzzy Hash: 4f5aa137fdccac31b7c928e74addb8f5f36694d1dddb5640bcd7c792130676c6
                                                                                                                            • Instruction Fuzzy Hash: A44106327097508FC712CB68D840A5BBBE5EFC5721B1AC5AED489CB652D734EC06C7A0
                                                                                                                            Function 088CEA1F Relevance: .1, Instructions: 140COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d91f2f0121dd65a2a372a295e27c9cdd77230492bf22fc0f4b95ac9ae41c3b38
                                                                                                                            • Instruction ID: 8db11eff9cb743edafaf75849e6a35da64f61b9c6651c41730f99a9e8d2116c2
                                                                                                                            • Opcode Fuzzy Hash: d91f2f0121dd65a2a372a295e27c9cdd77230492bf22fc0f4b95ac9ae41c3b38
                                                                                                                            • Instruction Fuzzy Hash: 0A51EA34A01209DFCB14DFA5D988A9DBBB2FF88311F158559E805AB369CB35EC42CF90
                                                                                                                            Function 09659D90 Relevance: .1, Instructions: 135COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b222231f39326c84716a97d8da79544294eda1459763472d588587762c4daeb
                                                                                                                            • Instruction ID: feec176e2d4fddd650ffc100acd5cb6294711c085c89fc99755203736596ce89
                                                                                                                            • Opcode Fuzzy Hash: 2b222231f39326c84716a97d8da79544294eda1459763472d588587762c4daeb
                                                                                                                            • Instruction Fuzzy Hash: A151D435A01604DFCB08CF68D58899DFBB2FF89310B658199E8169B375CB71EC41CB50
                                                                                                                            Function 09625610 Relevance: .1, Instructions: 134COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 422f06fdae8f9134ccbd24a4ff0cb55f3b92bedbfa27b12d5768f55b4048d8e2
                                                                                                                            • Instruction ID: 4b8784a05f18b777e085ac8f7eb3b048eed80bc242105a69294a8b0f326c0c7c
                                                                                                                            • Opcode Fuzzy Hash: 422f06fdae8f9134ccbd24a4ff0cb55f3b92bedbfa27b12d5768f55b4048d8e2
                                                                                                                            • Instruction Fuzzy Hash: F951AD30A043459FCB15DF68E954A9ABBB2FF81310F14C0AAE40ADB296DB34DD06CB91
                                                                                                                            Function 081D40F0 Relevance: .1, Instructions: 132COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ca7530769f76f6397db969609a45a7cfef08958eb0cf31b2860785a1a892fc78
                                                                                                                            • Instruction ID: 0a3ecad68d7e1abe5e3fa7407e165d8c9d15f58f939312d553df460e48a59a86
                                                                                                                            • Opcode Fuzzy Hash: ca7530769f76f6397db969609a45a7cfef08958eb0cf31b2860785a1a892fc78
                                                                                                                            • Instruction Fuzzy Hash: 2D518E30A002099FCB15DF58E980A9EBBFAFF84314F18C569D4099B265D735FD0ACBA0
                                                                                                                            Function 0960F6E0 Relevance: .1, Instructions: 132COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e48505e1e13ef690215307727790f6543dc0fae6da15a802501ff7f10fdb359b
                                                                                                                            • Instruction ID: def47c4bd99cab06215c7b84025a33bbed0952dd2fa6ddd8738da8cb417c9dfc
                                                                                                                            • Opcode Fuzzy Hash: e48505e1e13ef690215307727790f6543dc0fae6da15a802501ff7f10fdb359b
                                                                                                                            • Instruction Fuzzy Hash: A2418E317002508FC7299F29E4A8A6ABBE2FFC9315F1545ADE40ACB7A1CB75DC46CB41
                                                                                                                            Function 0962E939 Relevance: .1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3e8c99fb9ad3fbb947cdc87e59a784e61e170dc867d11fa072bf077965b131d9
                                                                                                                            • Instruction ID: 07a9f94d41c48e8ab2696e5482730a6c1991625d2f5362ca15eff7e5e212ec47
                                                                                                                            • Opcode Fuzzy Hash: 3e8c99fb9ad3fbb947cdc87e59a784e61e170dc867d11fa072bf077965b131d9
                                                                                                                            • Instruction Fuzzy Hash: 6B513470E002589FCB15DFA5D498AADBBF6FF88300F14816AE806AB3A5DB359C45CF50
                                                                                                                            Function 088CD9E0 Relevance: .1, Instructions: 128COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 52eae022e54704561a03bf4b09f38b48595fe544d8d400c1da45b8a9f3593b5c
                                                                                                                            • Instruction ID: 71677a081e074630a9cafdfe47f9f3795edb4a3c1362f20031b3c124bab9e362
                                                                                                                            • Opcode Fuzzy Hash: 52eae022e54704561a03bf4b09f38b48595fe544d8d400c1da45b8a9f3593b5c
                                                                                                                            • Instruction Fuzzy Hash: B341BB31B042048FC704EB68D554B7EBBB6EF89311F1481AED809DB795DA35DC42CB91
                                                                                                                            Function 0962C650 Relevance: .1, Instructions: 128COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98e231196ba2cba8b07eebca84ca4387eabee17d7eb49a480cb08b5e6d363a18
                                                                                                                            • Instruction ID: 3be3af407063c7ff7bd02c959b3778b4521360ca1ee1485cbcfa68f4ff4dcf33
                                                                                                                            • Opcode Fuzzy Hash: 98e231196ba2cba8b07eebca84ca4387eabee17d7eb49a480cb08b5e6d363a18
                                                                                                                            • Instruction Fuzzy Hash: 32414875B009108FCB54EF29E98892EBBF6FF88701B148069E846C7358DB38DD06CB95
                                                                                                                            Function 09654B80 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 408cd166160d096f88d29308592102738724dbeb0ff2930158ff1758e525ed09
                                                                                                                            • Instruction ID: 584608f605a11b9635023d7c0c4c732d59a87f1f0009651971c2cddb94cca20a
                                                                                                                            • Opcode Fuzzy Hash: 408cd166160d096f88d29308592102738724dbeb0ff2930158ff1758e525ed09
                                                                                                                            • Instruction Fuzzy Hash: FF51C930A04245CFCB05DFA8D49499CBFB4EF45300F15819AE846EB261DF70AD8ACB51
                                                                                                                            Function 081D5B20 Relevance: .1, Instructions: 126COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 109320165ad42c07308dc96eea712ba05c42800693cc45e32e0f73a358823372
                                                                                                                            • Instruction ID: 133ef2d38b6560860ef49a57211fa33ab272425a24f0580ff720e90411c17a34
                                                                                                                            • Opcode Fuzzy Hash: 109320165ad42c07308dc96eea712ba05c42800693cc45e32e0f73a358823372
                                                                                                                            • Instruction Fuzzy Hash: CC4179342006009FC315AB38F554A5E7BEBEFC5311B149AACD0468B7A5DB79ED4ACBA0
                                                                                                                            Function 0962EF20 Relevance: .1, Instructions: 123COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b5337d3c7a9a1e2d917c23a76934f5d9a4e12312d6209b123894532b01e3378c
                                                                                                                            • Instruction ID: 1d5bb4e88b868e7e4ea8adc452e2f6d9212fff9d1c6b34d87fb1f8bc7e12f89e
                                                                                                                            • Opcode Fuzzy Hash: b5337d3c7a9a1e2d917c23a76934f5d9a4e12312d6209b123894532b01e3378c
                                                                                                                            • Instruction Fuzzy Hash: 11510830A01259DFDB45DFA4D598AADBBB6FF48300F14806AE806AF3A5DB759C45CF40
                                                                                                                            Function 081D4728 Relevance: .1, Instructions: 122COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec28f14dab5c51a748c242b71eececd9a052bdaae938b232fe6c7a04a0ec3f77
                                                                                                                            • Instruction ID: 621f3e0ad55579cfeb3e9570710497f9ddc6ef423a28b060de2749936dc6c1c8
                                                                                                                            • Opcode Fuzzy Hash: ec28f14dab5c51a748c242b71eececd9a052bdaae938b232fe6c7a04a0ec3f77
                                                                                                                            • Instruction Fuzzy Hash: 674151301407006FC355EF28F950A4A7FE7EF81320F559AACC1469FAA6DB79AD09CB61
                                                                                                                            Function 096003E8 Relevance: .1, Instructions: 121COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38d5923f9ec014459bb45f9cc6af212deeb0afb71dd58781f2a8a5e2428185d2
                                                                                                                            • Instruction ID: e6111913fbc5752c74716aa8e0366d8d70fe1419694793596f861e973a96f669
                                                                                                                            • Opcode Fuzzy Hash: 38d5923f9ec014459bb45f9cc6af212deeb0afb71dd58781f2a8a5e2428185d2
                                                                                                                            • Instruction Fuzzy Hash: 2241B430A043918FC705DF68D8A569ABFB1FF89310B148599D455DF3A2DB34EC49CBA1
                                                                                                                            Function 0965D958 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1be1476bb6f17e8304f179c77af53c6dbed6324cb27aa120e065867d74d8024b
                                                                                                                            • Instruction ID: 950fb341ca6fd6fac6f48903ee6cbde1ea1ec401c039c1434d6ef1ff2fb05ba7
                                                                                                                            • Opcode Fuzzy Hash: 1be1476bb6f17e8304f179c77af53c6dbed6324cb27aa120e065867d74d8024b
                                                                                                                            • Instruction Fuzzy Hash: 91419271A042499FCB00EFA8D855AAE7FF6FF89310F10856AE906D7390DB35D941CBA1
                                                                                                                            Function 09605AA0 Relevance: .1, Instructions: 119COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da07015fd76b904e44e73b88bf56af03903ea49f9945bbced5744ba536da4e7a
                                                                                                                            • Instruction ID: 0077892952bd7d63bacca7198e5ded4febfa063a43648686c958ab40bdeef5d4
                                                                                                                            • Opcode Fuzzy Hash: da07015fd76b904e44e73b88bf56af03903ea49f9945bbced5744ba536da4e7a
                                                                                                                            • Instruction Fuzzy Hash: 2C418C347042458FDB199E3A94B872A7BA6EBC9710F1844AAF006CB3E1DF29DC42CF55
                                                                                                                            Function 081D5B30 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 750eaf4fd86911a8e10c868e201b84eb41401b76aeec2f4af950f31822911e57
                                                                                                                            • Instruction ID: 5df0a9cfffaa13e3e1b9a69ce56d3622f71d9404edcc943379cfed10909c6a82
                                                                                                                            • Opcode Fuzzy Hash: 750eaf4fd86911a8e10c868e201b84eb41401b76aeec2f4af950f31822911e57
                                                                                                                            • Instruction Fuzzy Hash: 0E4137342006009FC319AB38F554A1E7BEBEFC5211B149A6CD0468B7A5DB75ED4ACBA0
                                                                                                                            Function 096562B8 Relevance: .1, Instructions: 117COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e69991c5f31d53894880ba498c6a005ff899b1ead2d32bdd4bed811e979b859f
                                                                                                                            • Instruction ID: 27d4ade5fd0e5e746ae9d6590ba1e5ce29efe747be015637f587f5c0f59074c9
                                                                                                                            • Opcode Fuzzy Hash: e69991c5f31d53894880ba498c6a005ff899b1ead2d32bdd4bed811e979b859f
                                                                                                                            • Instruction Fuzzy Hash: 07416331A006099FCB14EF68D955AEEBBB6FF48300F508119E946A7354EF70AA45CF91
                                                                                                                            Function 081DD550 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: efdcb727c9be84f414a0784ac7cffcb53538873d98d7ef613b6ea34e66fabc4f
                                                                                                                            • Instruction ID: 18529b3052df4d85f124e2ccdbb3a72afa38dfc33c5791e9d92b9eb905597b6c
                                                                                                                            • Opcode Fuzzy Hash: efdcb727c9be84f414a0784ac7cffcb53538873d98d7ef613b6ea34e66fabc4f
                                                                                                                            • Instruction Fuzzy Hash: 07418C34A00606CFCB11CF59D980A6ABBF2FF89310B16CA99E45A9B365D730F815CF90
                                                                                                                            Function 09600448 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38b75c904f12fc0ec34330676108ad69341e45a6d9f46dfe5f4c51c04986b4e9
                                                                                                                            • Instruction ID: 1277f8816d7640915812cf81e960253d0d4fb6bbccdb56ca7a732a35c518d658
                                                                                                                            • Opcode Fuzzy Hash: 38b75c904f12fc0ec34330676108ad69341e45a6d9f46dfe5f4c51c04986b4e9
                                                                                                                            • Instruction Fuzzy Hash: C8416034A00205CFCB59EF65E994A6EBBF2FF88310F108568E8069B395DB34ED45CB91
                                                                                                                            Function 0968B9C8 Relevance: .1, Instructions: 113COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5a68ee23275dc766d86f0f1a26068d01445c3e2d2e510ab5150f1b5472eedfc3
                                                                                                                            • Instruction ID: 1fe8ff2018bf00c82819c251852964493e09923934a74aa5687f974d14e181c7
                                                                                                                            • Opcode Fuzzy Hash: 5a68ee23275dc766d86f0f1a26068d01445c3e2d2e510ab5150f1b5472eedfc3
                                                                                                                            • Instruction Fuzzy Hash: 13413670D112088FCF04EFF8D950AEEBBB5BF89300F108229D459BB258EB345A49CB94
                                                                                                                            Function 081D4738 Relevance: .1, Instructions: 112COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2f2c345eb33a530d4cf0bec5c88a636db444a794aaa7d939d294b053cc1d0518
                                                                                                                            • Instruction ID: 851bf6f6d99ed6744c012ef6e11f7f094f9e354cfe216d3899f82574ea72e757
                                                                                                                            • Opcode Fuzzy Hash: 2f2c345eb33a530d4cf0bec5c88a636db444a794aaa7d939d294b053cc1d0518
                                                                                                                            • Instruction Fuzzy Hash: A54141305407005FC355EF28F550A4A7BE7EF81320F5599ACC1469BAA5DB79FD09CB60
                                                                                                                            Function 0960C7F8 Relevance: .1, Instructions: 111COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e9e0251bb2c839ef4d9d9b621abf950a9604fa9549dafbbc709231c7beb0905a
                                                                                                                            • Instruction ID: 62b2f7157f6d1fcb42c6938590e55edd3b556205327b12f56e4aedf696be274d
                                                                                                                            • Opcode Fuzzy Hash: e9e0251bb2c839ef4d9d9b621abf950a9604fa9549dafbbc709231c7beb0905a
                                                                                                                            • Instruction Fuzzy Hash: F531D531B082815FD7199A3DA42532EBFD6AFC5350F18C2BAE449CB3C2DE398C418795
                                                                                                                            Function 088CAC08 Relevance: .1, Instructions: 110COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4f22d4ed11b06f7b976cd57f37c37b90580df1b9f1404a0836c0ef5ca334ab3
                                                                                                                            • Instruction ID: 3c3f9532232ec7c77d409529eaa7eb6bac19221b9d7c594112e11e9e8ce318e8
                                                                                                                            • Opcode Fuzzy Hash: a4f22d4ed11b06f7b976cd57f37c37b90580df1b9f1404a0836c0ef5ca334ab3
                                                                                                                            • Instruction Fuzzy Hash: F541C3B0A442589FDB08DF79E8157AE7FF2AF81301F1080AAD501DB2E5DB348D06CBA1
                                                                                                                            Function 09621448 Relevance: .1, Instructions: 110COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da3b928b63af8876150f1764dbc65e1ca12c02ce1888fe7b16f8715f7de7f0c5
                                                                                                                            • Instruction ID: ae1f607dcf9980c40baa1be3d028d283972260175f7bb0ddbe1b0de177455083
                                                                                                                            • Opcode Fuzzy Hash: da3b928b63af8876150f1764dbc65e1ca12c02ce1888fe7b16f8715f7de7f0c5
                                                                                                                            • Instruction Fuzzy Hash: E931F8707083905FD7555B78A42872E3FAA9FC6311F2580AAD546CB7E2CD398C07CB66
                                                                                                                            Function 096284C8 Relevance: .1, Instructions: 110COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 038c156770913eb29875b8f9739ab103ff5690ec96fb0b13b633c7730e19e0cc
                                                                                                                            • Instruction ID: 4d8640263c390ad146f3df044e430f5892242a8aeaed108f72cbb8af94c1bdbb
                                                                                                                            • Opcode Fuzzy Hash: 038c156770913eb29875b8f9739ab103ff5690ec96fb0b13b633c7730e19e0cc
                                                                                                                            • Instruction Fuzzy Hash: B1417A30B403559FCB689F78A42976E7BF2BB84300F1045AAD806E77C5EE349D018F92
                                                                                                                            Function 096276CF Relevance: .1, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 27bdd5d70319ccd025db2cdce843357cb8f5035caeb5163ceaa81bda60b4c1c6
                                                                                                                            • Instruction ID: 892a5d93ccfa991fd39d37a725886e569142bd6648f18af6aad7858ef9708ada
                                                                                                                            • Opcode Fuzzy Hash: 27bdd5d70319ccd025db2cdce843357cb8f5035caeb5163ceaa81bda60b4c1c6
                                                                                                                            • Instruction Fuzzy Hash: 7E41E734A00558DFCB44DFA8D958A9DBBB2FF88301F158169E506AB3B1DB34AD42CF41
                                                                                                                            Function 088C84B7 Relevance: .1, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 646396088c0247401fb9476f97fa514846d7b4f48f88479a838adfe370d81787
                                                                                                                            • Instruction ID: 46a3df1540fb3b80cd128431500e40d5c6abd9f622d780b30339b9388da1887f
                                                                                                                            • Opcode Fuzzy Hash: 646396088c0247401fb9476f97fa514846d7b4f48f88479a838adfe370d81787
                                                                                                                            • Instruction Fuzzy Hash: 9A31D031E00786CFCB259F78D8601AABBB1FF85301B10866FD056E7695DB74A982CF91
                                                                                                                            Function 088C4E30 Relevance: .1, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b321fbba5cf4606a7c1661ac1fd8c63e71f1ffab7a38e55d47a4e308cddd3cc1
                                                                                                                            • Instruction ID: a37e6156ffc6b96162022e2b51c7ca906b365935e59a9204eca30f2e9f8eef41
                                                                                                                            • Opcode Fuzzy Hash: b321fbba5cf4606a7c1661ac1fd8c63e71f1ffab7a38e55d47a4e308cddd3cc1
                                                                                                                            • Instruction Fuzzy Hash: 3441D674D002499FCB04EFA8F9A8A9DBFBAEF88301F204555E415E3395DB346904CF62
                                                                                                                            Function 09628348 Relevance: .1, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8caa474a0dc68add60f993e2daabc7272ea6fdb0b9ca03dbe425b7418e118b8b
                                                                                                                            • Instruction ID: 3841ea15790a870c2b0d709d598ce2274dabd74827f757896b6df3939ad6472c
                                                                                                                            • Opcode Fuzzy Hash: 8caa474a0dc68add60f993e2daabc7272ea6fdb0b9ca03dbe425b7418e118b8b
                                                                                                                            • Instruction Fuzzy Hash: 86319D30B002549FC7549F69E829B6E7FAAFFC8350F14446AE45AC7791DE719842CF82
                                                                                                                            Function 081DD108 Relevance: .1, Instructions: 101COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec5dcc2e8fc8fb6cb9845811b46d646dfa7a252b11dd26bcbadcd71e2ab933ed
                                                                                                                            • Instruction ID: 0022f2db37b3ffef6406913b0d3c2ee835a003b82e5cd38332f42878fccc7a72
                                                                                                                            • Opcode Fuzzy Hash: ec5dcc2e8fc8fb6cb9845811b46d646dfa7a252b11dd26bcbadcd71e2ab933ed
                                                                                                                            • Instruction Fuzzy Hash: 4E318C797002109FCB15DF39E88499ABBB6EF89311B10856DE906CB366DB34ED41CBA0
                                                                                                                            Function 09657470 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 28047faf010b48993b2ae9858104799722d52f3d5ae438477d885051ec71c955
                                                                                                                            • Instruction ID: 42bee0936759a2bb8dfeecd961d851b89e92852b23d0d687f78d99e8d7e17809
                                                                                                                            • Opcode Fuzzy Hash: 28047faf010b48993b2ae9858104799722d52f3d5ae438477d885051ec71c955
                                                                                                                            • Instruction Fuzzy Hash: F1315871A002598FCB18DF68C951AADBBF1AF89310F148169EC46BB350EB31DD45CBA1
                                                                                                                            Function 0960DCA0 Relevance: .1, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 574f330645724869c7c7a043a8c40864cac5d9982e74cac2884db8538d20cf6b
                                                                                                                            • Instruction ID: edc31834104c843eec3531adf4e403a1abb985a6f0f87b4f24d8aa02b4702f91
                                                                                                                            • Opcode Fuzzy Hash: 574f330645724869c7c7a043a8c40864cac5d9982e74cac2884db8538d20cf6b
                                                                                                                            • Instruction Fuzzy Hash: F031C1A1B0C1C09FEB196AA8B03537E3B9B87D5341F04403FD496C73CACD6948428BA3
                                                                                                                            Function 09651B78 Relevance: .1, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 83a5858b6b8f98923345c8654214742c6b4f38040279b96c367be1cce57af13f
                                                                                                                            • Instruction ID: 4b404e1a1a04eb4a429d3205b1b938b2388f9543ae03601fe2832c83718aecf9
                                                                                                                            • Opcode Fuzzy Hash: 83a5858b6b8f98923345c8654214742c6b4f38040279b96c367be1cce57af13f
                                                                                                                            • Instruction Fuzzy Hash: 1131F535A041188FCB04DFAAD4849DDBBF6EF8C321F199065E805A7364DB35AD85CFA0
                                                                                                                            Function 088C7D68 Relevance: .1, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c7be365b7f01c4911ace22478be15e1891711fbb3b736881c83c4b8abcc0b5f2
                                                                                                                            • Instruction ID: 1960a049a85aafd411c2ca4a8997c58a7e057b752a759320102d28912c2fea22
                                                                                                                            • Opcode Fuzzy Hash: c7be365b7f01c4911ace22478be15e1891711fbb3b736881c83c4b8abcc0b5f2
                                                                                                                            • Instruction Fuzzy Hash: 703137347002048FD718EF68D4A8AAA7BB6EF88701F1444ADE902DB7A4DE36DC41CF51
                                                                                                                            Function 0962F400 Relevance: .1, Instructions: 94COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96548e8a1685d12ac12fef0693aee0889fd4752c86f0e30db9dcfafd89ac73e6
                                                                                                                            • Instruction ID: 90cd547cfbf5a0b5d2a491b7272fb9fbf62c0832e9a7e3081a8b073c75d48d51
                                                                                                                            • Opcode Fuzzy Hash: 96548e8a1685d12ac12fef0693aee0889fd4752c86f0e30db9dcfafd89ac73e6
                                                                                                                            • Instruction Fuzzy Hash: 7831B030A00254DFCB189F65E4A97EDBBF5BF48311F14806AE802AB7A5CB758C85CF60
                                                                                                                            Function 09603790 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: beef55330d21e28ef7f7e855cac070ab8dafd32b0e55be552e1f9e2da17f8117
                                                                                                                            • Instruction ID: 70daccbd9727d955ee3b50d432e13d755a145b7800622fa32ddb1b3027fbb04c
                                                                                                                            • Opcode Fuzzy Hash: beef55330d21e28ef7f7e855cac070ab8dafd32b0e55be552e1f9e2da17f8117
                                                                                                                            • Instruction Fuzzy Hash: 0B3181317043509FC7289E79E4A895B7BE9ABC9355314447AE805C7750EE35CC42CB91
                                                                                                                            Function 0960CE60 Relevance: .1, Instructions: 91COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1101f7865ca94ea532e08ba0f4d9083ab68135276e0f7a7f5574de129d0c113c
                                                                                                                            • Instruction ID: ba78a5a08a5ee666c624dfce412709e735fb6425c4375729bea1fe29040e6cfe
                                                                                                                            • Opcode Fuzzy Hash: 1101f7865ca94ea532e08ba0f4d9083ab68135276e0f7a7f5574de129d0c113c
                                                                                                                            • Instruction Fuzzy Hash: BE317E307102069FCB18DF69E4A596A7BF6EFC5304B008269F546CB3A5DB34DD45CB92
                                                                                                                            Function 096560F8 Relevance: .1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c93cf5a9aca3fc895dfe5b5d081b8fa6a16fdc05bf3938cb0da67f4345de9fa5
                                                                                                                            • Instruction ID: bead47113e3dc076ac6d74ae07e83eb6dd4b0df94adc590264cd6b8dcf6b7396
                                                                                                                            • Opcode Fuzzy Hash: c93cf5a9aca3fc895dfe5b5d081b8fa6a16fdc05bf3938cb0da67f4345de9fa5
                                                                                                                            • Instruction Fuzzy Hash: 8A21BF307002459FDB159F69A855A7F7BAAFBC5350F118569E946C7341DE318C02CBA2
                                                                                                                            Function 09625000 Relevance: .1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15da69accf7ecd26303763f817b95c451f03e1e6110ff729c0852d2f43470615
                                                                                                                            • Instruction ID: 97f38d66a1d64019ff2b834757c660a6c5aa515d148becffc18823db06b21bb8
                                                                                                                            • Opcode Fuzzy Hash: 15da69accf7ecd26303763f817b95c451f03e1e6110ff729c0852d2f43470615
                                                                                                                            • Instruction Fuzzy Hash: 6521051138D3D10FC72247B668656997FB0DFC351170A40EBE286CBA97C959480BCBE2
                                                                                                                            Function 09658C15 Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4715ed340cadd64a51475511a3aa59ed33f2ff046e0f775424a95fda101a968
                                                                                                                            • Instruction ID: ae6355e39d0b493e80ec9c3baebe2ae7c38c0df62967bc8cf061a54e62b57fee
                                                                                                                            • Opcode Fuzzy Hash: a4715ed340cadd64a51475511a3aa59ed33f2ff046e0f775424a95fda101a968
                                                                                                                            • Instruction Fuzzy Hash: CC312330E10609DFCB04EFA4D858A9DBBB6FF85310F559569E406AB360EF70AD46CB81
                                                                                                                            Function 09652098 Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2f4d9ef5e30e7dd281180106d4e988c82f1c4409004ac46363bb9cedcc6a1e7a
                                                                                                                            • Instruction ID: 91c1d45ac827a4e04c15d25b021ee2b24ea7fbfa659254328b5d1754b77cc877
                                                                                                                            • Opcode Fuzzy Hash: 2f4d9ef5e30e7dd281180106d4e988c82f1c4409004ac46363bb9cedcc6a1e7a
                                                                                                                            • Instruction Fuzzy Hash: 0D319A30B012549FCB18EB78D42866E7BB6BF8A300F1485ADE95ADB390DF719D45CB81
                                                                                                                            Function 088C7D58 Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e00abca635404df8a98f26889dc324ba8571aeff1df8f02dcc6d20f65d76b780
                                                                                                                            • Instruction ID: 32074f8947586f80981f4f80142b18f7ca64a1886c49ae5f7c298a2d95f81c0e
                                                                                                                            • Opcode Fuzzy Hash: e00abca635404df8a98f26889dc324ba8571aeff1df8f02dcc6d20f65d76b780
                                                                                                                            • Instruction Fuzzy Hash: 6F3105356002049FDB08EF68D4A8AAA7BB6EF88701F2444ADE506DB7A8DB759C41CF50
                                                                                                                            Function 081D4CD8 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 34975cde9493a9985a080d1b7caea9e6556e06cc8095f1f00e29204b1f02f472
                                                                                                                            • Instruction ID: c40a1aee80e6889be3587097ec8cc7cc7288bf5b8771f27502c9c3273370d7fd
                                                                                                                            • Opcode Fuzzy Hash: 34975cde9493a9985a080d1b7caea9e6556e06cc8095f1f00e29204b1f02f472
                                                                                                                            • Instruction Fuzzy Hash: 332194307402006BD709AB36B910F3F2A5BEFC1361F18896CD5069F6E4DE79ED4A87A0
                                                                                                                            Function 0965645F Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff62445754c66c81dee71ef2401cb5dff580b691440f90216369221cd4208584
                                                                                                                            • Instruction ID: 2a1fd13ac26de1ec58d27e8438fd3d95a7d04d11b43e33ac07459424aeaf8f4a
                                                                                                                            • Opcode Fuzzy Hash: ff62445754c66c81dee71ef2401cb5dff580b691440f90216369221cd4208584
                                                                                                                            • Instruction Fuzzy Hash: B2316D32E002099FCB04DF68E554A9DBBB6FF88350F14812AF906A7364DF30AD46CB91
                                                                                                                            Function 088CB384 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 80863886bb25573a1e58b809b1ec2d8fb06144a1b0cf79ba12bcd99340b3e241
                                                                                                                            • Instruction ID: 0105ad64780b8e696f11d3c48dce134a740ad7801991a3667a5e5605b0a91492
                                                                                                                            • Opcode Fuzzy Hash: 80863886bb25573a1e58b809b1ec2d8fb06144a1b0cf79ba12bcd99340b3e241
                                                                                                                            • Instruction Fuzzy Hash: FD318932D50B468ACB209FB9D801299B771FF99320F24971AE15977241EF30B691CB90
                                                                                                                            Function 0962C8F2 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e02db5ef57fa6691060bd559b94531028b003f887f891b4bd7064689ce1faf4
                                                                                                                            • Instruction ID: 5dd4c7cb5263f9ecbc94cf755012ca85d938f832eca93f12ce5a7ed8226e3fe7
                                                                                                                            • Opcode Fuzzy Hash: 4e02db5ef57fa6691060bd559b94531028b003f887f891b4bd7064689ce1faf4
                                                                                                                            • Instruction Fuzzy Hash: 3D318030B046148FC758DF25D859A6E7BFABF89701B2440AAE446E73A0DF798C01CF91
                                                                                                                            Function 088CB388 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9fa272ed00c2e03ad5294956d31bc8dae916f232f1c4f28c77a8a76b3c84d6a4
                                                                                                                            • Instruction ID: 00f2739bcb5963b191193c891e771c4b93b7b49115403bfa9eea277e5f995c77
                                                                                                                            • Opcode Fuzzy Hash: 9fa272ed00c2e03ad5294956d31bc8dae916f232f1c4f28c77a8a76b3c84d6a4
                                                                                                                            • Instruction Fuzzy Hash: 20317832D50B468ACB20AFAAD801289B771FF99320F24971AE56977241EF30B5D0CB90
                                                                                                                            Function 08A62EC0 Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1c3b136a925e1f4047788079aa7811d48bd95e8c510386248885506f9159e988
                                                                                                                            • Instruction ID: b310acd18314d5f362a9e83b6654db0beaccaa05269e5b6a283351d71cbc87e4
                                                                                                                            • Opcode Fuzzy Hash: 1c3b136a925e1f4047788079aa7811d48bd95e8c510386248885506f9159e988
                                                                                                                            • Instruction Fuzzy Hash: 41315635E10609AFCB04CFA9D5809DEFBF6FF88310B10816AE815BB324EB71A815CB50
                                                                                                                            Function 09656470 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cdd1607dc850feeb164cf7764194a7918407e1582a74e8a2fd84c550e1ff6f04
                                                                                                                            • Instruction ID: e3bc6fa08ae3e1c0f3726b5db7555f9a2e22d437d333b277531aeaaceeb6ad9f
                                                                                                                            • Opcode Fuzzy Hash: cdd1607dc850feeb164cf7764194a7918407e1582a74e8a2fd84c550e1ff6f04
                                                                                                                            • Instruction Fuzzy Hash: E2316D32E002199FCB04DF68E554A9DBB76EF88350F54812AF906A7354EB70AD46CBD1
                                                                                                                            Function 0960C8C0 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8134a3c1e82ebfe765c920637b3f05d26291430c79e2ab248958ee22d6f69abf
                                                                                                                            • Instruction ID: b9f67b5195e3ab454581eb9b5d1a1a73888df4462ede91a0b3a1ee8031abd48a
                                                                                                                            • Opcode Fuzzy Hash: 8134a3c1e82ebfe765c920637b3f05d26291430c79e2ab248958ee22d6f69abf
                                                                                                                            • Instruction Fuzzy Hash: 952153727052514FD7596F2C64A832EBAD2FBC9350F18876DE48AD73C1DB2C88418795
                                                                                                                            Function 0962C640 Relevance: .1, Instructions: 82COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3bc9996579320e75de429e7eaddfb28472d714ef5a2561855ee4126d49acff56
                                                                                                                            • Instruction ID: 5cb69ced035cc6810e46c4eaca4a26a701caa98fad07822929f996935db269fb
                                                                                                                            • Opcode Fuzzy Hash: 3bc9996579320e75de429e7eaddfb28472d714ef5a2561855ee4126d49acff56
                                                                                                                            • Instruction Fuzzy Hash: 4A318D31B009518FCB14EF29E94856E7BF6FF88701B1480AAF456CB255DB388906CF95
                                                                                                                            Function 0965C2E0 Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c339d6e92b0611fdb8e14dbcdb6a0df85423fea14ed4e8732abd30c09297f300
                                                                                                                            • Instruction ID: 86ad68cc15f08bf145568653833745cafd9f9befebadc92e69887616ca84ae3b
                                                                                                                            • Opcode Fuzzy Hash: c339d6e92b0611fdb8e14dbcdb6a0df85423fea14ed4e8732abd30c09297f300
                                                                                                                            • Instruction Fuzzy Hash: FA21293650A3858FCB129F24D881995BF75FF82310F0981E7D891CB163D7399859C7A6
                                                                                                                            Function 096532D0 Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c7a6d4e98d79a1e23ee8d7f92ad87e0b9155ed9049398c787dc0ee66ca63431d
                                                                                                                            • Instruction ID: b5799969a214a2cd318446db5eb026dc32bb3e2f4d86b95e4568c412291794e8
                                                                                                                            • Opcode Fuzzy Hash: c7a6d4e98d79a1e23ee8d7f92ad87e0b9155ed9049398c787dc0ee66ca63431d
                                                                                                                            • Instruction Fuzzy Hash: D1318170E053999FCB05CFA8C5609DDBFB1AF4A300F1440AAD802EF366DA759C49CB50
                                                                                                                            Function 0965A4E9 Relevance: .1, Instructions: 80COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5e9ef03f6ed8515c662e37326840f76760c885599b17017ab0610e66e44757aa
                                                                                                                            • Instruction ID: 8c152a375054bae6d75d897e11b6c17ae87819ab091c5ab448cffd1db70f7634
                                                                                                                            • Opcode Fuzzy Hash: 5e9ef03f6ed8515c662e37326840f76760c885599b17017ab0610e66e44757aa
                                                                                                                            • Instruction Fuzzy Hash: A8218F71B002458FCB15AFA9D4909AA7BB5EF89314F00436AE8478B395EF24DD05CB91
                                                                                                                            Function 0965A4F8 Relevance: .1, Instructions: 80COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dd4ec616d7e6c89675c09549b6c743c634d4b63b401eef934dcebbf202a5ccd1
                                                                                                                            • Instruction ID: 8476b3e06917230a1147f2fbfe1a54785d54a05a0bba38c5a203e29f4381090d
                                                                                                                            • Opcode Fuzzy Hash: dd4ec616d7e6c89675c09549b6c743c634d4b63b401eef934dcebbf202a5ccd1
                                                                                                                            • Instruction Fuzzy Hash: 4F217171B002098FCB14EFA9D49096E77B9EFC9350F104269E8068B394EF34DD45CB91
                                                                                                                            Function 081D69A0 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c7adc8f5fe675eea45732506d1430780f461d7b31803c9cd67af2f696de6358a
                                                                                                                            • Instruction ID: cbf88f2bdf47b9e766d51ab03041338bebc07335e71fdba271da5769b71e20ce
                                                                                                                            • Opcode Fuzzy Hash: c7adc8f5fe675eea45732506d1430780f461d7b31803c9cd67af2f696de6358a
                                                                                                                            • Instruction Fuzzy Hash: 5721CF35B047108BC7259B68E45091BBBE6EFC9B2271589BDD88ACB745DB35EC02C7E0
                                                                                                                            Function 088CB720 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a02d1040614d15338a91ba69e4c5e692a852e8549455fbaa56d4852d0dd92171
                                                                                                                            • Instruction ID: d3c07df73dba209b9b47358db3e1e0cb04abe6a8f3fc3113630718cbf8f3fb81
                                                                                                                            • Opcode Fuzzy Hash: a02d1040614d15338a91ba69e4c5e692a852e8549455fbaa56d4852d0dd92171
                                                                                                                            • Instruction Fuzzy Hash: 582191347097D0CFC7199B75B47922A3BADABC2756F0400AEE493CB689DA398845CF53
                                                                                                                            Function 09629670 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ac7a19cf498277e6a2b80389fe7ac4cb081dab52dc408e3bf4a18bcad6ec1f3d
                                                                                                                            • Instruction ID: 8bd3a3816cff832a52172cc429736c20d6ecc6b2c17bdaae984d1ca601859414
                                                                                                                            • Opcode Fuzzy Hash: ac7a19cf498277e6a2b80389fe7ac4cb081dab52dc408e3bf4a18bcad6ec1f3d
                                                                                                                            • Instruction Fuzzy Hash: EF21CF747016218FDB149F65CA98A6EBBA9FFC4740B0440A9E506CB361DB30D804CFA0
                                                                                                                            Function 0962C900 Relevance: .1, Instructions: 78COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2c6f39858ed67753f612499d947fc437625d46685a4f3b6e313540fa8965ca30
                                                                                                                            • Instruction ID: eda1154a15efa1f98d9b2ec95c3f3788738f94f554b9232ada390c446881326d
                                                                                                                            • Opcode Fuzzy Hash: 2c6f39858ed67753f612499d947fc437625d46685a4f3b6e313540fa8965ca30
                                                                                                                            • Instruction Fuzzy Hash: 05217C30B046148FCB58EF25C859A6E7BFABF89701B2440AAE446E73A0DF799C01CF50
                                                                                                                            Function 09688961 Relevance: .1, Instructions: 78COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aa6e624f5e41673d9e5f68f6960a2d1cd7371ae1596a4d3e7250d3bf06d2e64f
                                                                                                                            • Instruction ID: e534e4f367db843a66e3b7f1a32ab37cfa3d4ff2d8ad62dd28060e72fc845ff3
                                                                                                                            • Opcode Fuzzy Hash: aa6e624f5e41673d9e5f68f6960a2d1cd7371ae1596a4d3e7250d3bf06d2e64f
                                                                                                                            • Instruction Fuzzy Hash: 57219A357011149FC744EF29E888DAEBBE9EF8922071581AAE419CB3A1CB30EC01CB60
                                                                                                                            Function 09653EF8 Relevance: .1, Instructions: 77COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a9d4828a8f78f7fe6e29d2e80b5d93eeef4013d95e24cffc1905bc66ea78bbf9
                                                                                                                            • Instruction ID: bbc3c3bfba6d95ac80f4e784795e1f6de39a94ca9b29cfa66c3bfbb79b3b2f7f
                                                                                                                            • Opcode Fuzzy Hash: a9d4828a8f78f7fe6e29d2e80b5d93eeef4013d95e24cffc1905bc66ea78bbf9
                                                                                                                            • Instruction Fuzzy Hash: 9E214C35B00205DFCF14DEA9D8C09AAB7F5EB89794B248469E90AC7355E731EC06CBA1
                                                                                                                            Function 088C84F0 Relevance: .1, Instructions: 77COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f51307cf02679956f62e981ecbd9060f422406f5f59aaf293882188fc2d3fbe8
                                                                                                                            • Instruction ID: 40550f77262fef32ebd3962c6202a3d9726568aa710a642028b4426819922925
                                                                                                                            • Opcode Fuzzy Hash: f51307cf02679956f62e981ecbd9060f422406f5f59aaf293882188fc2d3fbe8
                                                                                                                            • Instruction Fuzzy Hash: 9F317531E10606CBCB25AFB9D4241AAB7B5FFC4311F10862ED456A7684DF70E981CF91
                                                                                                                            Function 088C07B4 Relevance: .1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c76626dd0f88d8da90e24f4dae707cd724932464bcf2a7da04bc5cb7985bc364
                                                                                                                            • Instruction ID: a7436576abfbd35ec5b37cb0cb15c607c4cc4823533f5d0e06e346e4dc5df2e7
                                                                                                                            • Opcode Fuzzy Hash: c76626dd0f88d8da90e24f4dae707cd724932464bcf2a7da04bc5cb7985bc364
                                                                                                                            • Instruction Fuzzy Hash: 4E31C0B4D01648DFDB24DFAAC984ADEBFF5EF48304F24842AD415AB254CB749846CF90
                                                                                                                            Function 0960C218 Relevance: .1, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 214c149d2797e389ece7f06abad2e8d82065bf0bed93c2f60e67dca5d3b9e8b1
                                                                                                                            • Instruction ID: 6b807f4c949b713918853530091322d3bcb5ba0fad88e5bccb44263a24bf92ea
                                                                                                                            • Opcode Fuzzy Hash: 214c149d2797e389ece7f06abad2e8d82065bf0bed93c2f60e67dca5d3b9e8b1
                                                                                                                            • Instruction Fuzzy Hash: 39317A71240A408FC718DF29D49891ABBF2FFCA31071585AAE88ACB776CB35EC41CB50
                                                                                                                            Function 096571F8 Relevance: .1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 623624ff364bc0d4b42ae885f740ac3f7a631e62f2ef4bcf7833c539224d5edd
                                                                                                                            • Instruction ID: 7cb8f77716950943c1cbd7c2bd8a9ef5e8f4ac4f03ee52f387b564076fbde893
                                                                                                                            • Opcode Fuzzy Hash: 623624ff364bc0d4b42ae885f740ac3f7a631e62f2ef4bcf7833c539224d5edd
                                                                                                                            • Instruction Fuzzy Hash: 9B21E7322462049FCF119EA8AD10AD93F65AF56370F148267FD66CA2E1D631D490E751
                                                                                                                            Function 088CBE5A Relevance: .1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 804020d6533605e993f64059b1bb7bf25102375e98d90796c622fa214af13682
                                                                                                                            • Instruction ID: e8fc3348a7f1cd97f31cc135e330da906f6f60df2a45aaafe51386bb045398f5
                                                                                                                            • Opcode Fuzzy Hash: 804020d6533605e993f64059b1bb7bf25102375e98d90796c622fa214af13682
                                                                                                                            • Instruction Fuzzy Hash: 6931F03860A3C0CFC71AAB74A0382547FB9AB9A311F1444ABD4A6C73A2DA398455CF17
                                                                                                                            Function 09659F49 Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e160ba5bf8b29ea8165030f5428871bfbfd0e9e513bd689c733f6b41f238a460
                                                                                                                            • Instruction ID: 9b4d8f586f3ff0fd297f59c74c606295279fc491c052b6db78fbd0e6f7a75358
                                                                                                                            • Opcode Fuzzy Hash: e160ba5bf8b29ea8165030f5428871bfbfd0e9e513bd689c733f6b41f238a460
                                                                                                                            • Instruction Fuzzy Hash: E12198316007448FC329CF29E84099ABFF5AF86314B048A7EE84AC7672D671A846CB90
                                                                                                                            Function 0965B530 Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b786be0289dd53c641653364b32bc9c4be29bec04aa3dc161f45e4e493754bc4
                                                                                                                            • Instruction ID: 5151f71b355fc8306b7c068833ab2c5e813865eb0f43ec054ef9e8ec94c7b1dc
                                                                                                                            • Opcode Fuzzy Hash: b786be0289dd53c641653364b32bc9c4be29bec04aa3dc161f45e4e493754bc4
                                                                                                                            • Instruction Fuzzy Hash: C721D479B005158FC704DF69D99886ABBF6FF89715B2640A9E906DB331CB30ED01CB61
                                                                                                                            Function 0308D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230037566.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_308d000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b9962e4324eefe37dff1f6e104c43bb9dfe537f444262368017f1f1899a459b
                                                                                                                            • Instruction ID: 964aa2cbe986c687533fc7425b78ccb25ff11868a5e163a05518d8bea7ac975d
                                                                                                                            • Opcode Fuzzy Hash: 2b9962e4324eefe37dff1f6e104c43bb9dfe537f444262368017f1f1899a459b
                                                                                                                            • Instruction Fuzzy Hash: 3221F571504304DFDB14EF24D984B1ABFA5EB84314F24CAA9D9894B396C33AD407CA61
                                                                                                                            Function 08A61068 Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236245427.0000000008A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_8a60000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7abd0bafd558b3074546dfdc381eba9bab525554925058c2ee02ea3ad6648ca5
                                                                                                                            • Instruction ID: 19f4c7d1896cd14f7a2ce6ecb60079b0b3469f3ffd85ac295f7b9b4f97aef9ce
                                                                                                                            • Opcode Fuzzy Hash: 7abd0bafd558b3074546dfdc381eba9bab525554925058c2ee02ea3ad6648ca5
                                                                                                                            • Instruction Fuzzy Hash: F121C230700105AFCB149B69E944A6ABFE7EFC4321714856EE416D7BA9DB30CC21CB60
                                                                                                                            Function 088C45E8 Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6dc8fb68cca3020ce6a99417e8a5f587baf87a35170cf4c9c9fb6a2e2c816aba
                                                                                                                            • Instruction ID: 2486ebcd538fb17f01b64e1f1bb432ffa6ef9673c38251b65305761025ddefd8
                                                                                                                            • Opcode Fuzzy Hash: 6dc8fb68cca3020ce6a99417e8a5f587baf87a35170cf4c9c9fb6a2e2c816aba
                                                                                                                            • Instruction Fuzzy Hash: 4B317679910204EFCF21DFA5EA16EACBFB6FB88304F108066F2405A268CF315950DF51
                                                                                                                            Function 088C07C0 Relevance: .1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b11988158a368e3c0f893b6ac84fb9c34509db5ed71adb6a7e59ea09cc7b32ca
                                                                                                                            • Instruction ID: 0041a2dc443099e05c552b4d575a9b88106dea4af17267199be726859d0090fe
                                                                                                                            • Opcode Fuzzy Hash: b11988158a368e3c0f893b6ac84fb9c34509db5ed71adb6a7e59ea09cc7b32ca
                                                                                                                            • Instruction Fuzzy Hash: FF31D0B4D01648DFDB14DFAAC984ADEBBF5EF48300F14842AE419A7254DB74A845CF90
                                                                                                                            Function 09653EE8 Relevance: .1, Instructions: 70COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f96b27741e22811953d2dd41dc78626a9b7a8613f61dc917ac532dcc0877584f
                                                                                                                            • Instruction ID: 0eb630e88f12c450e1e1888816ff3708717e79349efb9c979c03942ff0a6e93f
                                                                                                                            • Opcode Fuzzy Hash: f96b27741e22811953d2dd41dc78626a9b7a8613f61dc917ac532dcc0877584f
                                                                                                                            • Instruction Fuzzy Hash: 6B214F34B00200DFCB14DF68D8C09AAB7F2EB89784B248569E90AD7315E731EC06CBA1
                                                                                                                            Function 0965A050 Relevance: .1, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 618a37780527acc7adeb416cd803d79fad524e3a37c201e8db286e126a44ec9d
                                                                                                                            • Instruction ID: 0894473bbabf4a5a757d560ccb0e28c6823fef54edeec12e78656f28e69e508c
                                                                                                                            • Opcode Fuzzy Hash: 618a37780527acc7adeb416cd803d79fad524e3a37c201e8db286e126a44ec9d
                                                                                                                            • Instruction Fuzzy Hash: FB212E317007418FC728AFA8D49862AB7E6FBC8765B144569E85BC7750EB34EC068B51
                                                                                                                            Function 0965E630 Relevance: .1, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fc38ff6ca6cd5bb19c4c95dbb87693c066ebf558e538f4c77be874c24c0c29d8
                                                                                                                            • Instruction ID: aed8b9591d4c6e9130229deabbd962031614bd2bc59df95cfe16828abc765386
                                                                                                                            • Opcode Fuzzy Hash: fc38ff6ca6cd5bb19c4c95dbb87693c066ebf558e538f4c77be874c24c0c29d8
                                                                                                                            • Instruction Fuzzy Hash: D321AF326046089FC755DFA8D550D9BBBF9FF46310F0186AFE086CB661EA30E984CB90
                                                                                                                            Function 0965B050 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c7e5dbdc365f1430b68611003f16723143dea2620adc67bf295f9f8c4f76c452
                                                                                                                            • Instruction ID: c629b82dd697bb78645f49cceaa511f93dc031c9b027dcca990cc100760731e5
                                                                                                                            • Opcode Fuzzy Hash: c7e5dbdc365f1430b68611003f16723143dea2620adc67bf295f9f8c4f76c452
                                                                                                                            • Instruction Fuzzy Hash: F5215E716007059FCB20CFBAD98095BBBF6BF98260B14872DE85AC7325D770E8058B50
                                                                                                                            Function 088CB380 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 46a806699e375e7d3f32a9f76ab6f42a51a7679e057dcb30483f59efdda67eb2
                                                                                                                            • Instruction ID: 2687d9961b79b04b753be31d9a17c778c012c6e507e4cadcfbebb6dac751faef
                                                                                                                            • Opcode Fuzzy Hash: 46a806699e375e7d3f32a9f76ab6f42a51a7679e057dcb30483f59efdda67eb2
                                                                                                                            • Instruction Fuzzy Hash: A1219C32E50B46CADB209FB9D810388B771FF98324F24971AE06977245EF30B590CB80
                                                                                                                            Function 0965A6A9 Relevance: .1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 962ce7f4d1f699fcf6c4baf0be315da2c088afd22806e30632c2a5ac860f18af
                                                                                                                            • Instruction ID: 48ce35dc8c794c6133a4cf43324f876e2d9189207986adcb11ec3dce25f329b1
                                                                                                                            • Opcode Fuzzy Hash: 962ce7f4d1f699fcf6c4baf0be315da2c088afd22806e30632c2a5ac860f18af
                                                                                                                            • Instruction Fuzzy Hash: 01113B31B042840FC742AFB8942026EBFB5DFCA310F0445FAE55ECB692DA75880ACB91
                                                                                                                            Function 09629DE8 Relevance: .1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 36f5d6cd5c262cbecf5c5a08b1d7470ca7f438bedb0d1afab59b3c6c3107c361
                                                                                                                            • Instruction ID: eafbd23084caf9e7ccf775cf12da78a9b4ee63120f0417c6b50c60d1541bb45d
                                                                                                                            • Opcode Fuzzy Hash: 36f5d6cd5c262cbecf5c5a08b1d7470ca7f438bedb0d1afab59b3c6c3107c361
                                                                                                                            • Instruction Fuzzy Hash: 44219D30300652ABC709AF34D26446E7BEABFC5700754446AE456CBBB4CB34ED12CBD1
                                                                                                                            Function 09626B52 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e93df1ee496485e94825a5a623088ec7b27712a6040a83c357cc5e1e6581b548
                                                                                                                            • Instruction ID: a96940c0400b64e1d85162eb618cc9cf6a8e686f52ba04cc30471a648fc23c9c
                                                                                                                            • Opcode Fuzzy Hash: e93df1ee496485e94825a5a623088ec7b27712a6040a83c357cc5e1e6581b548
                                                                                                                            • Instruction Fuzzy Hash: A421C330A44384AFCB158F78E41A65D7FF5AF86301F1041EAD446CB792DA718C42CF92
                                                                                                                            Function 09652C49 Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ac87b35a9cd168b5654b0d1affdb513a781092db29825efc9f26135e05dc8b7f
                                                                                                                            • Instruction ID: d991777bd454b56d1b62885c4bea2a5ebb7a4fd04fe3fed22c6b30ee828e656d
                                                                                                                            • Opcode Fuzzy Hash: ac87b35a9cd168b5654b0d1affdb513a781092db29825efc9f26135e05dc8b7f
                                                                                                                            • Instruction Fuzzy Hash: 24219031D106199FCF05EF68D8548DDBBB5FF8A310B05826AD402BB270EFB0994ACB91
                                                                                                                            Function 081D4DF0 Relevance: .1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 60f86cc516dd8c95946b4232a88b5662e8c6815d39710e3a744c51d9f68a12fb
                                                                                                                            • Instruction ID: 3e69b58b915f08ca316d566623a5dd7acaf7998158fc70d87c3190365a0e4274
                                                                                                                            • Opcode Fuzzy Hash: 60f86cc516dd8c95946b4232a88b5662e8c6815d39710e3a744c51d9f68a12fb
                                                                                                                            • Instruction Fuzzy Hash: 9E1100307003118FC724DBA8E884E1A7BB9FFC52217140A6DE506CB351DB39EC06CBA0
                                                                                                                            Function 0965E068 Relevance: .1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8b803ef948edf5502c7a0506eeef080b8d09a19393ef092a56de041bea68090b
                                                                                                                            • Instruction ID: 6f5315a030427b2ff38aaf6ea2559ffae93b7c57580c3c93ae1a0fb697e70175
                                                                                                                            • Opcode Fuzzy Hash: 8b803ef948edf5502c7a0506eeef080b8d09a19393ef092a56de041bea68090b
                                                                                                                            • Instruction Fuzzy Hash: F7210331A00208CFCB29DFA9D548ADEBBF1EF8C310F14806AD406F7260EB365944CB65
                                                                                                                            Function 09656927 Relevance: .1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8874ac49b93f2b797bedec64c8cde4d5fb72f471055f39dea842025033b80400
                                                                                                                            • Instruction ID: 84f92c7287570dcf9fba28301e661d471ace0ad0d7b4b6a571e4f43268e03fa4
                                                                                                                            • Opcode Fuzzy Hash: 8874ac49b93f2b797bedec64c8cde4d5fb72f471055f39dea842025033b80400
                                                                                                                            • Instruction Fuzzy Hash: 7421C631E002598BDF19CF65C4606EDBFF2AF88320F54816AE452B7294DB354945CB60
                                                                                                                            Function 09652300 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d987dc06d3bef922a2e4f7c039f0047fd647e508208ede97e9f6fab4caae920a
                                                                                                                            • Instruction ID: 60f4cdee8f2a54a70834fce43804ddf3b1cd76bc53d6a466cc16f7ca63db4195
                                                                                                                            • Opcode Fuzzy Hash: d987dc06d3bef922a2e4f7c039f0047fd647e508208ede97e9f6fab4caae920a
                                                                                                                            • Instruction Fuzzy Hash: E3219F30A007949FDB259F74E4183AEBFB1FF45311F04941ED89796290CBB85589CB82
                                                                                                                            Function 0308D007 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3230037566.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_308d000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f8008a54c30fcfb6d8308ab1f5a7277115e41ac9af4897a0988fb5dffbe46277
                                                                                                                            • Instruction ID: 658c2c6c9572094345f4d231dc9656b1285ef3780b71c6d642987917a96d870d
                                                                                                                            • Opcode Fuzzy Hash: f8008a54c30fcfb6d8308ab1f5a7277115e41ac9af4897a0988fb5dffbe46277
                                                                                                                            • Instruction Fuzzy Hash: B32162755093808FDB12DF24D994715BFB1EB46214F28C6DAD8898F6A7C33AD40ACB62
                                                                                                                            Function 0962E890 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 81f1e198dce1c977d4ac42a8bd4ef7acf9aad0a6676f8f5cc87708139dbd73c7
                                                                                                                            • Instruction ID: f4282d016a6eb8ba728268ebf5fbb398c782bedbd28dc314708943b7efe9d6a0
                                                                                                                            • Opcode Fuzzy Hash: 81f1e198dce1c977d4ac42a8bd4ef7acf9aad0a6676f8f5cc87708139dbd73c7
                                                                                                                            • Instruction Fuzzy Hash: 8E113430600640CFD76ACF6AE444AA97BF1FF86361B14806AF846CB3A0CB36D841CF21
                                                                                                                            Function 09629DF8 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d9d70a980167b099e0091e6b59b82eb7525fb6b6351077a2e7ea4dd5ef45f26d
                                                                                                                            • Instruction ID: 0a684d88dd4d3ab3d8f83a8f4e4c60629f7fe7116d72235dda38b3e27b883884
                                                                                                                            • Opcode Fuzzy Hash: d9d70a980167b099e0091e6b59b82eb7525fb6b6351077a2e7ea4dd5ef45f26d
                                                                                                                            • Instruction Fuzzy Hash: 9A114C31300552ABC709AF74D25496E779ABFC8700B644459E416CB7A4CF35ED11CBD1
                                                                                                                            Function 096547C0 Relevance: .1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44c19e2cddf284559cce612018d278d679a8dd8386a90dfc55ab9e73f47ad862
                                                                                                                            • Instruction ID: ab7a6171c7c7d9ece702dbafba9b20d1d848d11466cd48f663bfca2d5c63fe7f
                                                                                                                            • Opcode Fuzzy Hash: 44c19e2cddf284559cce612018d278d679a8dd8386a90dfc55ab9e73f47ad862
                                                                                                                            • Instruction Fuzzy Hash: 65118E307002409FCB19DF28E451C5ABBEAEFD9310B1585AAE446CB778DB74DD46CB90
                                                                                                                            Function 081D61A8 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec3d1fb5a473b5f149b3b567d86a9412af4a3438fa03d6431e37e2b1ece4ac28
                                                                                                                            • Instruction ID: a6e300b99720b6d2777d286d5f5b4b6a88bcdf681cde6d4a32d97f84a2f0d08a
                                                                                                                            • Opcode Fuzzy Hash: ec3d1fb5a473b5f149b3b567d86a9412af4a3438fa03d6431e37e2b1ece4ac28
                                                                                                                            • Instruction Fuzzy Hash: C111BE34A00605CFCF15DF99D8C08AAFBB6FF98310B148A6AD94AD7625C730B911CFA0
                                                                                                                            Function 0965BE09 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 501e3b267def7291eae82d73613d05abaaa6be090e6bb11ca6c60505483b6b6c
                                                                                                                            • Instruction ID: cac314787de6be3d417f1cf0f0ffb5f87411105e941fc985819b5b57a79a6942
                                                                                                                            • Opcode Fuzzy Hash: 501e3b267def7291eae82d73613d05abaaa6be090e6bb11ca6c60505483b6b6c
                                                                                                                            • Instruction Fuzzy Hash: 5B11E336A01645DFCF118F64D4808AAFB79FB81364B08C2A7E95687101C331E965CBD9
                                                                                                                            Function 09657317 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fa6c2738087c06fec137c0e96f75e4c10633633b3c5848ea8dc296545ff4db09
                                                                                                                            • Instruction ID: 7d6d0d80e8727add0e482eb2e6513d8457444fbc3ffb56cdcac1bd724239d5d2
                                                                                                                            • Opcode Fuzzy Hash: fa6c2738087c06fec137c0e96f75e4c10633633b3c5848ea8dc296545ff4db09
                                                                                                                            • Instruction Fuzzy Hash: 8611CB31A102589FCF05EF74E8156ED7BB2EF85701F008139F506A7260EF359955CB91
                                                                                                                            Function 0965E221 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd4c5f0134f0b063bd040004545f4a9bb0d2a54c3b91394f04cb96fce2ccdb65
                                                                                                                            • Instruction ID: 5a1e7090a06a9330d530451f3a7f7e7dbfe4779231172930ffd26f6add2f857c
                                                                                                                            • Opcode Fuzzy Hash: bd4c5f0134f0b063bd040004545f4a9bb0d2a54c3b91394f04cb96fce2ccdb65
                                                                                                                            • Instruction Fuzzy Hash: AB217231D10619DFCF15EFA4D5549ADBBB1FF45300F01856EE8067B260EB70AA4ACB81
                                                                                                                            Function 096081B7 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d887cad53b4c2e60996dba9c93c01cedbdd7aaf420f1c9e6c2b135537553f91
                                                                                                                            • Instruction ID: 5f6104914c9b84f25927dd87df420b1f9a5edc69088dd08374cc6e10d493befb
                                                                                                                            • Opcode Fuzzy Hash: 4d887cad53b4c2e60996dba9c93c01cedbdd7aaf420f1c9e6c2b135537553f91
                                                                                                                            • Instruction Fuzzy Hash: BB11E234600205DFCB18DF65E8948AFBBB2FF85310B04856AE816AB791C730AD05CBA0
                                                                                                                            Function 09626F61 Relevance: .1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 69a613aa8890dd1ccdd3b24c17a8918e4b9b6d2f0011c0ae56a6648dc8d5b5a2
                                                                                                                            • Instruction ID: 42e0a0c287665f13fe766e27e770e6e8922ac8f76c4b893c77cc3c460bfba538
                                                                                                                            • Opcode Fuzzy Hash: 69a613aa8890dd1ccdd3b24c17a8918e4b9b6d2f0011c0ae56a6648dc8d5b5a2
                                                                                                                            • Instruction Fuzzy Hash: A3219D35A006688FCF29DF68C4189EEBBF1AF89314F14416AD452B7261DB71994ACFA0
                                                                                                                            Function 081D4270 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d65b69955c487ab07c025191d0fe7dfa2c5ae78cf6e4f8dc5b19cdbaf9989ca9
                                                                                                                            • Instruction ID: dd64d097b62043124c80172c1ec9e46db9665b5270a1fc62c8dd7f1d7229f7de
                                                                                                                            • Opcode Fuzzy Hash: d65b69955c487ab07c025191d0fe7dfa2c5ae78cf6e4f8dc5b19cdbaf9989ca9
                                                                                                                            • Instruction Fuzzy Hash: 8A11BE302017015FC715DB28E94089ABFABEFC12247188A6DD05A8B6A6DB75ED4FCB94
                                                                                                                            Function 096589A7 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ffda6cc922034ef230f7fab641ac89d0b4a15eb226193fb759f9f05e3db71527
                                                                                                                            • Instruction ID: f340dc83c28b5e07a53efad3b5541dd7ed33437fce46ba1aef1afcd6e54593bd
                                                                                                                            • Opcode Fuzzy Hash: ffda6cc922034ef230f7fab641ac89d0b4a15eb226193fb759f9f05e3db71527
                                                                                                                            • Instruction Fuzzy Hash: 8011C4317006029FCB059F2CD8958597BA9FFCA710B1581ABE906CB725EB71EC02CB51
                                                                                                                            Function 09652308 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b8242452b80abcc3bd2f05b6459dff5a4a77e72bb005611ddcd7ecee61fcf9c2
                                                                                                                            • Instruction ID: b638f25b9ba7d7b8f14d1e6bef863a7289b0ff5c657336a22705eff029e4703c
                                                                                                                            • Opcode Fuzzy Hash: b8242452b80abcc3bd2f05b6459dff5a4a77e72bb005611ddcd7ecee61fcf9c2
                                                                                                                            • Instruction Fuzzy Hash: 88218E30A00B949FDB25AF74D4183AEBBB1FF45321F04941ED89796290DBB86589CB82
                                                                                                                            Function 081D4E00 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 31e35d9db8102bd0f7ed2a618a834573ac067cbf54907d61aa40bef021b60bb6
                                                                                                                            • Instruction ID: 5df037d04951e93e8a6b5432b5b25c30a4191362fcb5608d63823d6a50227ae3
                                                                                                                            • Opcode Fuzzy Hash: 31e35d9db8102bd0f7ed2a618a834573ac067cbf54907d61aa40bef021b60bb6
                                                                                                                            • Instruction Fuzzy Hash: 5711C1357007118FCB24DF68E484E1A7BA9FFC4221B104A2DE5068B354DB39EC06CB94
                                                                                                                            Function 09652C58 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 08139e61d696121061bfca0180a5220b8aecd46bed42e45100509e0165868c1a
                                                                                                                            • Instruction ID: 256e46ad993f12ec831d549f2ba0a212a3b2dda822ca0718049fca0c1c7a517a
                                                                                                                            • Opcode Fuzzy Hash: 08139e61d696121061bfca0180a5220b8aecd46bed42e45100509e0165868c1a
                                                                                                                            • Instruction Fuzzy Hash: AB11603291061D9FCF04EF68D8548DDBBB5FF89311F05826AE501BB224EF70A949CB91
                                                                                                                            Function 0962B5C1 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21366f3bcbd07c836a8475436322b7d8b6e08c4da5a934bd432131822bfead21
                                                                                                                            • Instruction ID: b2e1fbd72bfe916ecbd97570d36b76692f5a2add55a8225ad92711d51ec95fdf
                                                                                                                            • Opcode Fuzzy Hash: 21366f3bcbd07c836a8475436322b7d8b6e08c4da5a934bd432131822bfead21
                                                                                                                            • Instruction Fuzzy Hash: D9110631B052406FD759DB28E415B6E7FEAEF89360F1440AEF50ADB391DB348C028B91
                                                                                                                            Function 0960CFC2 Relevance: .1, Instructions: 56COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 85dbecaf107c208d8933838c56f9956b4e4231d376106a488d418d8a148bdfec
                                                                                                                            • Instruction ID: 5b3a7e7286b46000f8a40a46676af0994338651429f63389a46590aaa5cf8844
                                                                                                                            • Opcode Fuzzy Hash: 85dbecaf107c208d8933838c56f9956b4e4231d376106a488d418d8a148bdfec
                                                                                                                            • Instruction Fuzzy Hash: 6A212134D00309CFCB04EFA8D9959AEBBB5EF84305F10855AE469A73A5EB349942CF81
                                                                                                                            Function 0960D02E Relevance: .1, Instructions: 56COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ae3324cc3bcbcf1341e8ce2a32408c3d632d6b108fb9029bdb29db3aa143d492
                                                                                                                            • Instruction ID: 88760a2bb85f34646012c9224dd0f3e77b4d445f457c7325384ea020a5a54887
                                                                                                                            • Opcode Fuzzy Hash: ae3324cc3bcbcf1341e8ce2a32408c3d632d6b108fb9029bdb29db3aa143d492
                                                                                                                            • Instruction Fuzzy Hash: E6114F70A006089FC704EFA8D964BAEB7B6EF88311F108159E515AB3E5DF749881CB51
                                                                                                                            Function 096590F9 Relevance: .1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dfce7277a836451568216a8b593a3c184e1513d59d360a2bcbbea337e6e71d16
                                                                                                                            • Instruction ID: 2ddd0b7e3057041a628d4c787b02a71b29c190e9de047ed31ace430f4d5d657e
                                                                                                                            • Opcode Fuzzy Hash: dfce7277a836451568216a8b593a3c184e1513d59d360a2bcbbea337e6e71d16
                                                                                                                            • Instruction Fuzzy Hash: 6D115E75A006049FC701EF78D8448AEBBF4FF8A210B1045AAE945D7321E670A945CBA0
                                                                                                                            Function 09654BD6 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f9634ee6c45d1162e4ce70e3f6ecffcc69e1f0d24d37baed4018af46cb7ebac3
                                                                                                                            • Instruction ID: c6ad4572caf2fa6247a11740b2d790e6a1ea6f30ab9d9ac3a35bdcfe4c0f5016
                                                                                                                            • Opcode Fuzzy Hash: f9634ee6c45d1162e4ce70e3f6ecffcc69e1f0d24d37baed4018af46cb7ebac3
                                                                                                                            • Instruction Fuzzy Hash: 70212135A00109CFDB14DF98D494A9CBBB5EF80311F49C19AE846AB361DF71ED86CB41
                                                                                                                            Function 0965E230 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5804dc0ac50b2497d75260a85146a8f2fb38b60c348f2946f11372a6db96f94e
                                                                                                                            • Instruction ID: 31674d57aba3051e9a91e346d9a3ffc50677cf0c5804ef85ecf66d6ce35a4ad1
                                                                                                                            • Opcode Fuzzy Hash: 5804dc0ac50b2497d75260a85146a8f2fb38b60c348f2946f11372a6db96f94e
                                                                                                                            • Instruction Fuzzy Hash: C2114931D1061DDFCF01EFA8D9549ADBBB5BF45300F01852EE8067B250EB70AA8ACB81
                                                                                                                            Function 09625C70 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: db94dcf01693339e4219c8d94b885bba7e18ea0dd8605793e4288fcd35fab796
                                                                                                                            • Instruction ID: 13f852ff40cc451dd0bfe5c0543e48450313504dc715f34bf23574e3e9dbfeef
                                                                                                                            • Opcode Fuzzy Hash: db94dcf01693339e4219c8d94b885bba7e18ea0dd8605793e4288fcd35fab796
                                                                                                                            • Instruction Fuzzy Hash: 7301D2727046409FC7269F31A55666E7FA7ABC0311B04416DE402C7390EEB4880ACB52
                                                                                                                            Function 09687970 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 35437ee417f5352a7b53fb16f880130cc9cd6ee9db1187cb9fc143c9f70fe0c7
                                                                                                                            • Instruction ID: 60f644777a9f43d88f45f3fab3aafc9607c6b3a60c3d2325be4dcb95554d8e86
                                                                                                                            • Opcode Fuzzy Hash: 35437ee417f5352a7b53fb16f880130cc9cd6ee9db1187cb9fc143c9f70fe0c7
                                                                                                                            • Instruction Fuzzy Hash: 23211775904248EFCF41CFA8D4409AABFF0EF09200B24849AE859DB221D332CA52EF60
                                                                                                                            Function 088C3A48 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 277e1ad24d093245026de342b25835683841bc06b932739cf6c9399f9e658af3
                                                                                                                            • Instruction ID: 3171bad314e06afd4ac25de4a35b6fcf5befce7346d9f675e4dad8ec63220df2
                                                                                                                            • Opcode Fuzzy Hash: 277e1ad24d093245026de342b25835683841bc06b932739cf6c9399f9e658af3
                                                                                                                            • Instruction Fuzzy Hash: 831182346002415FC789AB38B97446D3FEFEFC1350B1544ADD0468BAA4DE766D0ACFA5
                                                                                                                            Function 09620006 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f66cd8c013187451267628ac983b6ce01971f8daaf77c227b066c072450fd8b2
                                                                                                                            • Instruction ID: c9bf275d072eb40f235cde4cf48abf24cc6767202eaca8dc8fe46d76168c4029
                                                                                                                            • Opcode Fuzzy Hash: f66cd8c013187451267628ac983b6ce01971f8daaf77c227b066c072450fd8b2
                                                                                                                            • Instruction Fuzzy Hash: EC11A93190D7C58FC712CB74D851685BFB0AF03220F0900EBC586DB2A2E6755899CBB2
                                                                                                                            Function 081D0A62 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5a489049eab046cedfa6926b070335d4dec2d2be272c6cb3a56588fc5f60f5b6
                                                                                                                            • Instruction ID: d3ad9d539e7732f261a6f51a7c52b8ea39361c08811f3f0f2293cf8d0fbb7cf3
                                                                                                                            • Opcode Fuzzy Hash: 5a489049eab046cedfa6926b070335d4dec2d2be272c6cb3a56588fc5f60f5b6
                                                                                                                            • Instruction Fuzzy Hash: 750147313053968FD7158EA9F490BBA7FE8EF88221F00087ED542C7292C6298A48C371
                                                                                                                            Function 0960CFD0 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 077d1824f50b0af28c7d4e80cca69fd7ed360b2dcf3799aa7873390ca9a54f3d
                                                                                                                            • Instruction ID: 71d87f52fb4ae407f5f0c0bbb20578c0d14722ae2a334d0ecd976e435772ad7c
                                                                                                                            • Opcode Fuzzy Hash: 077d1824f50b0af28c7d4e80cca69fd7ed360b2dcf3799aa7873390ca9a54f3d
                                                                                                                            • Instruction Fuzzy Hash: 1311F434D00309CFCB04EFA8D9559AFBBB5EF84305F10855AD559A73A5EB349942CF81
                                                                                                                            Function 09652A0F Relevance: .0, Instructions: 50COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 281d8c8c67328ec9644b578b479f4b02fc41d7b20d54bdecd6adc61db652f112
                                                                                                                            • Instruction ID: 748eb711fc21ce21b23b12cc06c8c355b4b699248f4708b3ad4e83a7f8edbcb4
                                                                                                                            • Opcode Fuzzy Hash: 281d8c8c67328ec9644b578b479f4b02fc41d7b20d54bdecd6adc61db652f112
                                                                                                                            • Instruction Fuzzy Hash: 7911F674A00219CFDB24DF68C958B9DBBF1BF48304F1580A6E906EB361DB709945DF40
                                                                                                                            Function 0965A128 Relevance: .0, Instructions: 50COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3db469525cda08ae8987f83b4a3ec2e0e773f16a914c1dc91d87998b117f7d6b
                                                                                                                            • Instruction ID: 613ca6e7b60e18eb2a077e2242fccc90c0a0c78164ffa17871e6ba601f7533bf
                                                                                                                            • Opcode Fuzzy Hash: 3db469525cda08ae8987f83b4a3ec2e0e773f16a914c1dc91d87998b117f7d6b
                                                                                                                            • Instruction Fuzzy Hash: 3A01D4322093849FC722CF79DC804167F65EF8226572A84EFD55ACB222D725E846C721
                                                                                                                            Function 09659108 Relevance: .0, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2ea40ce39b8e609b0c80c936f82decd20cf598136c3e30809397ae30c199cde7
                                                                                                                            • Instruction ID: 5f1d7d5999237786899495af737799cf192350e73cbafa27d68ec796044e2f24
                                                                                                                            • Opcode Fuzzy Hash: 2ea40ce39b8e609b0c80c936f82decd20cf598136c3e30809397ae30c199cde7
                                                                                                                            • Instruction Fuzzy Hash: 50014076A10605DFCB04DFA8D844CAEBBF9FF89211B10426AE905D7320D770AD45CBA0
                                                                                                                            Function 09656FE2 Relevance: .0, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aa7afa15b90528a1f95bc227fb846a231bb3886ab583cbd73dce65fb7604ad56
                                                                                                                            • Instruction ID: 004985132c729c5aa1a050673b1f1b4107159c05f124a7e95fb8daba51612b51
                                                                                                                            • Opcode Fuzzy Hash: aa7afa15b90528a1f95bc227fb846a231bb3886ab583cbd73dce65fb7604ad56
                                                                                                                            • Instruction Fuzzy Hash: CA117035E002098FCB04DFA4C5546DCBFF0BF49354F1480AAE816BB350DB319986CBA0
                                                                                                                            Function 0960BA98 Relevance: .0, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 384f623a3124b7aaec76f9426f3bc6f0b7491e358a9e1c12b133aae9f27c035b
                                                                                                                            • Instruction ID: 7db48484fc362834672a6ae935660b98e633504d3737fbc5a4d7b6be28f5f688
                                                                                                                            • Opcode Fuzzy Hash: 384f623a3124b7aaec76f9426f3bc6f0b7491e358a9e1c12b133aae9f27c035b
                                                                                                                            • Instruction Fuzzy Hash: BD11A575E006199F8F50DFA9D84089EFBF6FF4C220B14456AE959E3720D732A9148FA0
                                                                                                                            Function 088CC740 Relevance: .0, Instructions: 46COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: de62205f60ad142a2b8a07008624a48991bca4a3ce2de3394b3aeda28d576a02
                                                                                                                            • Instruction ID: fbc5f02adf783cb5aa835e0e2ef4154882c3cbad063a2acb156aba443c66a290
                                                                                                                            • Opcode Fuzzy Hash: de62205f60ad142a2b8a07008624a48991bca4a3ce2de3394b3aeda28d576a02
                                                                                                                            • Instruction Fuzzy Hash: D601B1352002058FC749CF28D544D9ABBF6FF85300705C4AAE44ACB636DBB0ED06CB90
                                                                                                                            Function 0962B5E8 Relevance: .0, Instructions: 46COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2f0e0a38970f0af5b6dc22d65c0114cde9f4aec4d719f8bf7564fdaf05e1f317
                                                                                                                            • Instruction ID: 23564d4021d32e9b8cd634f95304d4dd768c0a11a16f8d50665eb57ba6df88df
                                                                                                                            • Opcode Fuzzy Hash: 2f0e0a38970f0af5b6dc22d65c0114cde9f4aec4d719f8bf7564fdaf05e1f317
                                                                                                                            • Instruction Fuzzy Hash: 0401A2357001106FD788EB69E454A6EBBEEEBC8660F148069F909DB380DF709C028BD5
                                                                                                                            Function 02D1D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229764370.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2d1d000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 48e8148ad7173c3179f28d458b845861b4ef66f3f4ae88ef68f593518fd35a1e
                                                                                                                            • Instruction ID: 1ef157ccc45a434909970388caed742d7ed03ab952675f107165c82fc84c42dd
                                                                                                                            • Opcode Fuzzy Hash: 48e8148ad7173c3179f28d458b845861b4ef66f3f4ae88ef68f593518fd35a1e
                                                                                                                            • Instruction Fuzzy Hash: D401A771504344BAE7208B29D984B67BF9CEF45324F38C429ED880A746C379DC45C6B1
                                                                                                                            Function 02D1D005 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3229764370.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2d1d000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90615d2e3dfa11ff47ddb0d387832235d8b5ba05b01f281c30ae754aa95bfcbf
                                                                                                                            • Instruction ID: bb4b03681ead0e0cf574823e5923048f6cf67beb923f7cd41103726e51376787
                                                                                                                            • Opcode Fuzzy Hash: 90615d2e3dfa11ff47ddb0d387832235d8b5ba05b01f281c30ae754aa95bfcbf
                                                                                                                            • Instruction Fuzzy Hash: 2501406150E3C09ED7128B259894752BFB8EF47224F29C0DBD9888F2A3C2695849C772
                                                                                                                            Function 0960AB98 Relevance: .0, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6b100f847fcb6c084899cb68ec20f48f5d334509fb24c4ecc8b8f8707b6ca1b
                                                                                                                            • Instruction ID: 7c6f259b4e0c15c03fe5a0c0d2547f16f8280bc7439e0a9b5d864460e9dc6bbf
                                                                                                                            • Opcode Fuzzy Hash: e6b100f847fcb6c084899cb68ec20f48f5d334509fb24c4ecc8b8f8707b6ca1b
                                                                                                                            • Instruction Fuzzy Hash: B5F0C2357052109F8708CF59E8948AEBBEEEFC9361314806BE80AC7315DB71CC028B61
                                                                                                                            Function 09608418 Relevance: .0, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21cbd70ccaa94107e326c7e51461a78e521c5fc630c7d7597952ec691a6d2d3e
                                                                                                                            • Instruction ID: d691a78ac14e8b12099b71bb9aced4fa1a423e7d6fa0bf70f919ccb78b502e34
                                                                                                                            • Opcode Fuzzy Hash: 21cbd70ccaa94107e326c7e51461a78e521c5fc630c7d7597952ec691a6d2d3e
                                                                                                                            • Instruction Fuzzy Hash: 6701B1306003008FC769DE68F994A56BFA6FFC1310B44997DD0458FAA1CB79A84ACB90
                                                                                                                            Function 0962D7C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a3fd30c5545c1bfbef69833fea84675e06920d51044e3d8e51c87af167d4f7e7
                                                                                                                            • Instruction ID: 8dec0dbafeeac65d804351e550c0e3a05f2d45e06b6c8c5787550968f9eda8d9
                                                                                                                            • Opcode Fuzzy Hash: a3fd30c5545c1bfbef69833fea84675e06920d51044e3d8e51c87af167d4f7e7
                                                                                                                            • Instruction Fuzzy Hash: 5D0181367046509FC7159F0AE49892EBBEBEFC46217158056FC0A8B358CF74DC06CA91
                                                                                                                            Function 081DD090 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 37a32e43f9dca704482bcb0471c0650c419eec7ce4146511c69eee55f873504c
                                                                                                                            • Instruction ID: 2ea7d159908cad77b64ee6b81fef454a7b931ff3e15d4111947a3cd15ff51f67
                                                                                                                            • Opcode Fuzzy Hash: 37a32e43f9dca704482bcb0471c0650c419eec7ce4146511c69eee55f873504c
                                                                                                                            • Instruction Fuzzy Hash: FB016D34600701CFCB299E39F504627B7EABFC4206714983DD40286615DF76E483CBA1
                                                                                                                            Function 096591B8 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 55abd0563d19246f671bb10d26245444499b79d0a6f56bef1dd0aa27bc319f69
                                                                                                                            • Instruction ID: b50222d52dfb9797724474782691f575e4db921a8c212662bdf0a90347d3e17e
                                                                                                                            • Opcode Fuzzy Hash: 55abd0563d19246f671bb10d26245444499b79d0a6f56bef1dd0aa27bc319f69
                                                                                                                            • Instruction Fuzzy Hash: A6015E3690020AEFCB01DFA4C8048DEBBF5EF4A310B1141A6E514EB271E731AA15DB91
                                                                                                                            Function 096525A7 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 61f5f11e2f1d9ed30313c8673f564683ec69ce06aa80c870cda746f6dfceb1d4
                                                                                                                            • Instruction ID: 2631305c194a47a15968cdc6fc0dd8bb460f27bde740ba36a3f8cca29f18ba87
                                                                                                                            • Opcode Fuzzy Hash: 61f5f11e2f1d9ed30313c8673f564683ec69ce06aa80c870cda746f6dfceb1d4
                                                                                                                            • Instruction Fuzzy Hash: 52110970D0020ADFCB04EFA8D5596AEBBF0FB18304F60856AD816E6350EB759686CF91
                                                                                                                            Function 0965A640 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c0cd6331540899a86c84ff771ca4654ea48aff488676def60a4e6d094d660ab
                                                                                                                            • Instruction ID: 831061c814ed657cdc1b0d062387ca07eace75a83bf96478bebedd9801badcea
                                                                                                                            • Opcode Fuzzy Hash: 7c0cd6331540899a86c84ff771ca4654ea48aff488676def60a4e6d094d660ab
                                                                                                                            • Instruction Fuzzy Hash: 1601AD3121E3D24FC32357A498253A17FA05F47220F0801E7D48ACE693D0888845C7A2
                                                                                                                            Function 088C3E98 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2a2420d3bfc702a516535ae5c3e960315cba4b5b4bf3c823992efa88eca1134f
                                                                                                                            • Instruction ID: 89d9a073e275ce42e1a462ddbe7c25ee1d938741744751f7b6a8dd8d676844bd
                                                                                                                            • Opcode Fuzzy Hash: 2a2420d3bfc702a516535ae5c3e960315cba4b5b4bf3c823992efa88eca1134f
                                                                                                                            • Instruction Fuzzy Hash: 720152746003048FD324AF69F42861B7BEAEFC4315F108A69D14687784DF74A80ACF92
                                                                                                                            Function 0962E608 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 59c8ebdba0642ddb3e20163c21972655cde0ede47a8651b273af0dac983acad8
                                                                                                                            • Instruction ID: 27aa4e6caabd41784ca6d82e08da290e5322bb55e0c388d0a0a5ad823dfc291f
                                                                                                                            • Opcode Fuzzy Hash: 59c8ebdba0642ddb3e20163c21972655cde0ede47a8651b273af0dac983acad8
                                                                                                                            • Instruction Fuzzy Hash: F6F04F31301150AFC705AB5AF88489ABFE9FFDA3A17548067F449CB661CB348C47DBA1
                                                                                                                            Function 096878E0 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fdb66138e3e339ebe712625776d6f684cdc872adf929a85fbce8c822e08f0a07
                                                                                                                            • Instruction ID: 5cac2f2bcccf2237f5f30d00a6282c3841206e752e18b9110a8dc21cc7bd5d77
                                                                                                                            • Opcode Fuzzy Hash: fdb66138e3e339ebe712625776d6f684cdc872adf929a85fbce8c822e08f0a07
                                                                                                                            • Instruction Fuzzy Hash: 7701D8319042659FCF25DFA6C9106AFBBF6BF88310F14496DD156B3350CB359904DBA0
                                                                                                                            Function 088C66B0 Relevance: .0, Instructions: 41COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44c0ccc4c5018795071b6c5cade163920fb84a64afdd5ab56a80d771058bffc2
                                                                                                                            • Instruction ID: 6a4c42321e0b82f9a9ac8cf41ec7a032aad7bdf787241b142194b10703590892
                                                                                                                            • Opcode Fuzzy Hash: 44c0ccc4c5018795071b6c5cade163920fb84a64afdd5ab56a80d771058bffc2
                                                                                                                            • Instruction Fuzzy Hash: 20016D30608388AFC749DF74D8548593FB5FF9620071585EEE446CB662DB36D906CB51
                                                                                                                            Function 09651B68 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 937e8cf5f5350a2ec9e2c35023fb1367045399383be179eb97f49908afd62943
                                                                                                                            • Instruction ID: 25228fc07cfa95f9deadca6a74ca500e7ee66e1141447ce8546373e5eb88068d
                                                                                                                            • Opcode Fuzzy Hash: 937e8cf5f5350a2ec9e2c35023fb1367045399383be179eb97f49908afd62943
                                                                                                                            • Instruction Fuzzy Hash: 7E012830A081188F8B14CF9AD4848DDBBF2EF8D320F09906AE805A7720EA749C529F61
                                                                                                                            Function 096506B8 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 40f71571b71621b6a3db9b8e353a27ebbe38d2c92c0d63cabf571c9b4eb04de0
                                                                                                                            • Instruction ID: f49dce21e152a98e258492cad44750258807979f901d449c01968e37eb16ca90
                                                                                                                            • Opcode Fuzzy Hash: 40f71571b71621b6a3db9b8e353a27ebbe38d2c92c0d63cabf571c9b4eb04de0
                                                                                                                            • Instruction Fuzzy Hash: B701F570D082999FDF11DFB1C9243AEBFB1BF41300F00805AE852A72A1DBB88140CFA2
                                                                                                                            Function 0960CDD0 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2fad1cf0a25ed915b5c85121ae9a368a5bf982d1ab3923c145d584056315e497
                                                                                                                            • Instruction ID: bc7e0cb1e016df0097a151141e2ad54adefc4234eb3db5194a706ee7fd7100eb
                                                                                                                            • Opcode Fuzzy Hash: 2fad1cf0a25ed915b5c85121ae9a368a5bf982d1ab3923c145d584056315e497
                                                                                                                            • Instruction Fuzzy Hash: 7C01BC30E0025A8EDF28DFA6D9657AFBFB1BB88304F404925E040A22D4CB7C5A05CFA1
                                                                                                                            Function 0960F148 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1e360b31ca43d96267e8a4ce1da0a0dfdca8be137854a4e0646f9c975daa3108
                                                                                                                            • Instruction ID: 7dfdb356b50700918b50a593ced5d998ce8675ce19f1cdee6425b4c8903264a8
                                                                                                                            • Opcode Fuzzy Hash: 1e360b31ca43d96267e8a4ce1da0a0dfdca8be137854a4e0646f9c975daa3108
                                                                                                                            • Instruction Fuzzy Hash: 2C01F931204241DFC764CF6CE894AAA7BBAEFD5310F14857AE515C7395CB709C08C790
                                                                                                                            Function 088CBAB8 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea3fb66594823d2c88527e74dd7d7b958b63b27651eef2b5faccedf4f339509c
                                                                                                                            • Instruction ID: 0840307af48fe724dfbcde10838705d5e34f53ce5fc8334ad9202422586167d0
                                                                                                                            • Opcode Fuzzy Hash: ea3fb66594823d2c88527e74dd7d7b958b63b27651eef2b5faccedf4f339509c
                                                                                                                            • Instruction Fuzzy Hash: F2012874A002189FCB68DF69E4455EEBBF4FF88311F10822AD45AE7610D7309505CF91
                                                                                                                            Function 081DE610 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d5974345711b14ea169a5f03a0c8464d5df09fe5d44abf7cfda6d9ff3688192a
                                                                                                                            • Instruction ID: 891e9f00fe5636610981f48db8136ffefe2dcacbf7871fdfe052f6d8c0743c55
                                                                                                                            • Opcode Fuzzy Hash: d5974345711b14ea169a5f03a0c8464d5df09fe5d44abf7cfda6d9ff3688192a
                                                                                                                            • Instruction Fuzzy Hash: C4F096622081D47E8B524EAA6C10CFB3FED9E8E151B0950ABFAD4D2252C02DC921EB70
                                                                                                                            Function 0960CDC2 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 95f40636a87925313d0ee57cfe4461259acb044f372eb7f0f2bfb23a3ef33203
                                                                                                                            • Instruction ID: 307c5065167c2ea179175be2e96498b01f16573d0e4a817ce9b8f070ec31c7c5
                                                                                                                            • Opcode Fuzzy Hash: 95f40636a87925313d0ee57cfe4461259acb044f372eb7f0f2bfb23a3ef33203
                                                                                                                            • Instruction Fuzzy Hash: 24019230D1025A8FDB28DF66D9657AFBFB1BF88300F404926E451A62E5CB7C4544CF90
                                                                                                                            Function 0965D320 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6fce9779f818c9582ce6f531031df475464a39d56b724245798f58ebff869892
                                                                                                                            • Instruction ID: 11532b2f223aa22f5d356af14a48075a595a1038f6edc73d713895038cbaea4d
                                                                                                                            • Opcode Fuzzy Hash: 6fce9779f818c9582ce6f531031df475464a39d56b724245798f58ebff869892
                                                                                                                            • Instruction Fuzzy Hash: 96F062322097808FC3168A39D855595BFF5AFC3321B0A06EBE466C71F6D669994AC720
                                                                                                                            Function 0965A720 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 82ae40c1c36c771941dbe6403ab8bdd519f2cb0a2e03c6d7eaf8463ea1c33a60
                                                                                                                            • Instruction ID: 836939e0833419ee098029ba44220df89bb9e2d5b70abc5d9b152df872d0ffad
                                                                                                                            • Opcode Fuzzy Hash: 82ae40c1c36c771941dbe6403ab8bdd519f2cb0a2e03c6d7eaf8463ea1c33a60
                                                                                                                            • Instruction Fuzzy Hash: C201D4B89082499FDB51DFA8D52536D7FF6EB80308F00429AD466977D1CFB40505CF92
                                                                                                                            Function 0960E250 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c431ca36a12053c83ced2fe94e50d7c13471fce47dd6db9bd64c2b6487d0178a
                                                                                                                            • Instruction ID: 3ad4ee1c82e6be5df56c4e21cb98a2bfe3fb5d694f8ea5c32ec9f2b99c01a544
                                                                                                                            • Opcode Fuzzy Hash: c431ca36a12053c83ced2fe94e50d7c13471fce47dd6db9bd64c2b6487d0178a
                                                                                                                            • Instruction Fuzzy Hash: 4D01DF70A442699FD759EFE8D43176F7FB1AB81304F0048AAC49997BC1CBB60504DF92
                                                                                                                            Function 09625D00 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5bf41d833393d1d6a7e2567e95cf6ee42272754e529bf320a902e3df25d84757
                                                                                                                            • Instruction ID: bae64f5e7010dfde9a49f1fd77be0861f0b1ffd0e86cc3f276b573025f53c64f
                                                                                                                            • Opcode Fuzzy Hash: 5bf41d833393d1d6a7e2567e95cf6ee42272754e529bf320a902e3df25d84757
                                                                                                                            • Instruction Fuzzy Hash: 7CF0F6317507685FD734ABA5F81D366375EA780711F14042BB9078B3C4CD608C028B96
                                                                                                                            Function 09629238 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cc05576ca9dffaffbec8dcec6cc7a258638c3d2caf56f99e57bdc9b514658fde
                                                                                                                            • Instruction ID: f202474a47ccd8d18b5c6d02f19159c167e4c03230135f4cc1e71ea063e0c853
                                                                                                                            • Opcode Fuzzy Hash: cc05576ca9dffaffbec8dcec6cc7a258638c3d2caf56f99e57bdc9b514658fde
                                                                                                                            • Instruction Fuzzy Hash: 0C018C34101701CFC72D8F61D485A66BBA5FF81311B2489AED89797A61CB34E882CF80
                                                                                                                            Function 088C0D80 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 313def48d9f06ef5d8c54cbfccc1ade32dde11b17a5e9a7ad2ee8e6e20e86ed2
                                                                                                                            • Instruction ID: 6ea1a53df41fabfdfcc317753553d8465706b96584efdb24db894a367533b5ad
                                                                                                                            • Opcode Fuzzy Hash: 313def48d9f06ef5d8c54cbfccc1ade32dde11b17a5e9a7ad2ee8e6e20e86ed2
                                                                                                                            • Instruction Fuzzy Hash: 6501CCB4D0420DEFCB44DFA9D9446AEBBF4EB48302F2081AAD915A3285E7349A41CF90
                                                                                                                            Function 088C0D7D Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d7e7ab20b064d1b2828ca0a6339c28771ce834c53767d6f15f41bce8ff8866bd
                                                                                                                            • Instruction ID: 67870b197674277ce9518f2f814ee6820d9878076b78d31bba72ce197093a364
                                                                                                                            • Opcode Fuzzy Hash: d7e7ab20b064d1b2828ca0a6339c28771ce834c53767d6f15f41bce8ff8866bd
                                                                                                                            • Instruction Fuzzy Hash: 5101DDB4C0521EDFCB40DFA8D5456AEBBF4EB08302F2081AAD915A3285E7349A41CF90
                                                                                                                            Function 088CD9D0 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 80144c386bbf6153e9c11df6a3fa295e20c89354c3949dbc08407896cd3af0e4
                                                                                                                            • Instruction ID: 28c3430f3055ade003a4bdaad121de6ff8f7e2dd3616e8c9e9748365b649b77e
                                                                                                                            • Opcode Fuzzy Hash: 80144c386bbf6153e9c11df6a3fa295e20c89354c3949dbc08407896cd3af0e4
                                                                                                                            • Instruction Fuzzy Hash: 1BF02431B082408FC318CA29A815ABBFFB0EFC5311F1481BFD40ACB662D6B1C846C790
                                                                                                                            Function 09625E90 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8290a73f2cb9a77da5b3cc877045010e8eaae32af50f1fed1509322f184702cd
                                                                                                                            • Instruction ID: d9c4f20f7defc316918d5b546b52639f468df7de7f98acdb077286ed6ca1db1d
                                                                                                                            • Opcode Fuzzy Hash: 8290a73f2cb9a77da5b3cc877045010e8eaae32af50f1fed1509322f184702cd
                                                                                                                            • Instruction Fuzzy Hash: 85F0C270504B218ED77AAF3995114A67BE8EBC1341B81009BF0D3CE5A9CA28CA42EF52
                                                                                                                            Function 09651A6C Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01dfffdf3c8c97b5a6f63ea52b4d112e48495f730e3c840f2ad1467fa309d352
                                                                                                                            • Instruction ID: 5123b70e91316cfcf220d480fa863ab63c2af9f74249c61497f1ae22e274f526
                                                                                                                            • Opcode Fuzzy Hash: 01dfffdf3c8c97b5a6f63ea52b4d112e48495f730e3c840f2ad1467fa309d352
                                                                                                                            • Instruction Fuzzy Hash: 17F0F631705790AFD3212E74904873ABFA7FF85710F90546DE64A877C1CBB2A844C791
                                                                                                                            Function 09651A70 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 306d11aaa205b1de919c0a01e26e72de818d41de87bf290c4db39979a42a5ce3
                                                                                                                            • Instruction ID: ef6304f7767ce1b493814290d59da6b1f6cbd0590bb27d85243aa4b6affccfc3
                                                                                                                            • Opcode Fuzzy Hash: 306d11aaa205b1de919c0a01e26e72de818d41de87bf290c4db39979a42a5ce3
                                                                                                                            • Instruction Fuzzy Hash: 3CF0F631704790AFD3212E35944873ABFE6FF81710F90546DE64A877C1CBB2A844C791
                                                                                                                            Function 096525B8 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38ccceeab7010aa11987bb31f3b3d716915d92c2bc67b7c21f5dd87319bd1783
                                                                                                                            • Instruction ID: b3f30ce8151f5daa00f2d973142dcfcd538989f4f5c5f7bed6cf23779886bbe2
                                                                                                                            • Opcode Fuzzy Hash: 38ccceeab7010aa11987bb31f3b3d716915d92c2bc67b7c21f5dd87319bd1783
                                                                                                                            • Instruction Fuzzy Hash: 5301DA70D0020ADFCB44DFA8C5596AEBBF0BF08304F50846AD826E7350EB759685CF91
                                                                                                                            Function 096506C8 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4776638ace36291fe5745a57f13ac0dcdda27532fd71479a92a88cbcb11973fb
                                                                                                                            • Instruction ID: 6fee5a2a81dad13380b58203b8bc33ade4443fd483501d892a76177a644f2725
                                                                                                                            • Opcode Fuzzy Hash: 4776638ace36291fe5745a57f13ac0dcdda27532fd71479a92a88cbcb11973fb
                                                                                                                            • Instruction Fuzzy Hash: BB01DB70D482999EEF14DFB5C9143AEBFB57F45304F008056D852B72A4CBB89145CF51
                                                                                                                            Function 0960CA31 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 734e5b5b88462dddef727541e3fdcb8d58c8cc15b2bbc41e2ad75036d2de9152
                                                                                                                            • Instruction ID: 0001cbbd912c6fcd7a5276e161d70565565f6f341d2c2b67a45903e70dcfbf9e
                                                                                                                            • Opcode Fuzzy Hash: 734e5b5b88462dddef727541e3fdcb8d58c8cc15b2bbc41e2ad75036d2de9152
                                                                                                                            • Instruction Fuzzy Hash: B1F0E23240D7818FC30ADB68F80088ABFF1AFA5311F01866BD48587762D631984AC7A2
                                                                                                                            Function 088C3B59 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7ae9067f2a11c1ae9973e82ca81e3c1fc80ed779aa6c45336af8a66a03fa23ca
                                                                                                                            • Instruction ID: 6831e5310ea0e4bfbdb4bba3afa51fbb323f1f1a58e5482832be3a5e74fd3955
                                                                                                                            • Opcode Fuzzy Hash: 7ae9067f2a11c1ae9973e82ca81e3c1fc80ed779aa6c45336af8a66a03fa23ca
                                                                                                                            • Instruction Fuzzy Hash: ED018B304057419FD729DF22E418162BFFAFFC9314B008A2FE48AC2A11EB706406CF86
                                                                                                                            Function 081DD080 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1687928041c944bd12aaf56156ba520688c447734c4b66291752a17abd2e080
                                                                                                                            • Instruction ID: ff2e8a5271ee9217a52170becc70df2d020f099eea51441d0c955324eefbcf8f
                                                                                                                            • Opcode Fuzzy Hash: c1687928041c944bd12aaf56156ba520688c447734c4b66291752a17abd2e080
                                                                                                                            • Instruction Fuzzy Hash: CBF02430109341CFDB268E25F540B63BBF9FFC2205B0584AED4418B922CB76F846CBA1
                                                                                                                            Function 096591C8 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dcfb5701289e8179ee429c6c40590423928f15ece261b9f47032fe882d9c00c5
                                                                                                                            • Instruction ID: 0c17aa396303c118a136062573ce3a641068ea090679abc747b88091839a4618
                                                                                                                            • Opcode Fuzzy Hash: dcfb5701289e8179ee429c6c40590423928f15ece261b9f47032fe882d9c00c5
                                                                                                                            • Instruction Fuzzy Hash: BBF0373690010AEFCF00DFA8D904CDEBBF6EF49310B108165E618EB270E732AA15CB91
                                                                                                                            Function 088CBCB9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 06e391f9f2fba390e97ecae044ec97dede8fad22d17e64e3a6e44b02c19af262
                                                                                                                            • Instruction ID: cebcf5b07f2dbc50b746f4bb333a9761e068961a4108913fd9f7cf45450888c0
                                                                                                                            • Opcode Fuzzy Hash: 06e391f9f2fba390e97ecae044ec97dede8fad22d17e64e3a6e44b02c19af262
                                                                                                                            • Instruction Fuzzy Hash: BCF096322066919FC3158F38D44884ABFF4FF8662131981ADD499CB272CB21ED41CBD1
                                                                                                                            Function 0962E838 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: df48f041d5cc86017f4be1aaa3d77fd41a22b124635b7d027a0e94a84130ecb7
                                                                                                                            • Instruction ID: 1af22614e23bffcd1539c454334aed65a34b11e42db656d7cb45d84404e525e4
                                                                                                                            • Opcode Fuzzy Hash: df48f041d5cc86017f4be1aaa3d77fd41a22b124635b7d027a0e94a84130ecb7
                                                                                                                            • Instruction Fuzzy Hash: 74F01272E00118ABCB45DF9A9C05AFFBBFAEFC8611F08802AE615D3240D77056159B91
                                                                                                                            Function 081D65BF Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 062052f7ea2ebce03fa44465f427cf43bd0febab4249185b6dcbc8d8f9f312d9
                                                                                                                            • Instruction ID: 74039594a6838951867b5b3c1d7773e9d05bdd3c22bf45c718ce4e3b54e9957e
                                                                                                                            • Opcode Fuzzy Hash: 062052f7ea2ebce03fa44465f427cf43bd0febab4249185b6dcbc8d8f9f312d9
                                                                                                                            • Instruction Fuzzy Hash: AAF06D3044A3C58EC713AF34C4948883FB4EE5325072A15DFE0C1CF473CA65484AD76A
                                                                                                                            Function 09650D2F Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: afc9981f5f44d3ca210aa5cb5a38fb9d8c44da1df18d9e107a8b2db63e48205b
                                                                                                                            • Instruction ID: 75a01269305b33d869a0a765b49ece599aba5aee4f1ad40648bc118736bd5f23
                                                                                                                            • Opcode Fuzzy Hash: afc9981f5f44d3ca210aa5cb5a38fb9d8c44da1df18d9e107a8b2db63e48205b
                                                                                                                            • Instruction Fuzzy Hash: 7AF0587108A7D14FD3270A655CB20957FB9EB8B98030F28E3C4C2CA9A3C56C8D4AC7A1
                                                                                                                            Function 0960ABA8 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 74c72a18eca1afb77601490b070b9a3373c04c568b0314aa67aec91ff149a0df
                                                                                                                            • Instruction ID: 8d1359e39391d1bf37f982c8807da837c870ef9b160b66ea895f396858d2d547
                                                                                                                            • Opcode Fuzzy Hash: 74c72a18eca1afb77601490b070b9a3373c04c568b0314aa67aec91ff149a0df
                                                                                                                            • Instruction Fuzzy Hash: F4F012357042145F47089A5DD89496FBBDEEFCC7607148067F809C7345DB71DC0286A5
                                                                                                                            Function 0960D490 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 07451e2057169494d1824c8c23de99bdcb527b86ff33c8c4466a65e29b98339d
                                                                                                                            • Instruction ID: 077e93faa93ef91cf02ec48914229acce19df8abd1ed4911f575dd94aa515e76
                                                                                                                            • Opcode Fuzzy Hash: 07451e2057169494d1824c8c23de99bdcb527b86ff33c8c4466a65e29b98339d
                                                                                                                            • Instruction Fuzzy Hash: ACF02432A003869EC7049FBC98504EABBB8EFC23203018A2FD54AA7112D7715884CBA0
                                                                                                                            Function 0965A1A0 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a0b88640822af1d8b481dc7107d9dbbbf48ed0c369612dc95fbbab759c9bbcd2
                                                                                                                            • Instruction ID: 432caa50db06b39257a8f956c39cfdb13e832ae044a94b6de3f4acd7637a00ac
                                                                                                                            • Opcode Fuzzy Hash: a0b88640822af1d8b481dc7107d9dbbbf48ed0c369612dc95fbbab759c9bbcd2
                                                                                                                            • Instruction Fuzzy Hash: 5CE09A363002249787226ABAB0040BE77AADBC06B2318003BE90EC3B08CE61C80683A1
                                                                                                                            Function 0960C478 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 633abadc87a406cf55345c42f4c775da7889efe0c79885129afe5605156a0bd9
                                                                                                                            • Instruction ID: 40e5bba1cca84a23933163e8cf9108922135ebc9a367f8336c770920a94adcd2
                                                                                                                            • Opcode Fuzzy Hash: 633abadc87a406cf55345c42f4c775da7889efe0c79885129afe5605156a0bd9
                                                                                                                            • Instruction Fuzzy Hash: D4F0A732302A169BC7056F24D0588DD7F6AFFC47143058156D405CB358CBB9691687D4
                                                                                                                            Function 088C0DF0 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 963e19b5ffc08cc348861d2bce1f7048467950c021013e74da32c45096c49a64
                                                                                                                            • Instruction ID: f48416214b7304a743c0ce5ea3af6eb5a1ef699423e6c3fce933f475399f55aa
                                                                                                                            • Opcode Fuzzy Hash: 963e19b5ffc08cc348861d2bce1f7048467950c021013e74da32c45096c49a64
                                                                                                                            • Instruction Fuzzy Hash: 92F049B5C0865DDFCB01CFA4D4555BEBFB4EB2A382F0442DAD856E7256E2349A02CF10
                                                                                                                            Function 088CBA57 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 248c01d243fe0d3705a1617f4054eec65fad7d46b7aaff8952612b9f54969dfb
                                                                                                                            • Instruction ID: ab968f7fb44acd3a54b43f090c1cebca55e7b4c8515c371113412969834cac84
                                                                                                                            • Opcode Fuzzy Hash: 248c01d243fe0d3705a1617f4054eec65fad7d46b7aaff8952612b9f54969dfb
                                                                                                                            • Instruction Fuzzy Hash: 94F0A775205250AFC30956BAB4595977FEEEBC6310B1041BAE446C7751CA654C06CB71
                                                                                                                            Function 088CD6F0 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8e5577a2b6be3f7c8c8e31c69b56fae2bec4f738be5a1b297066855c590697db
                                                                                                                            • Instruction ID: 3cc10f1822d5e3cb14cc5ec8b2dc759df9950d27e81465c3fd6d8599a856b6cc
                                                                                                                            • Opcode Fuzzy Hash: 8e5577a2b6be3f7c8c8e31c69b56fae2bec4f738be5a1b297066855c590697db
                                                                                                                            • Instruction Fuzzy Hash: 9FF06D35A002488FCB149AA9E4009EDBBF6EF86315F24016EE409ABA21D6715D86CB81
                                                                                                                            Function 09655C36 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f3f956d22599a2b3ada84377ec0de7e49f0b4b51b9abf6308bedb4d4eb0643a
                                                                                                                            • Instruction ID: d65df215e27e86ec25c10214771b0f1c8f2363d43239364d2a7e242e4d7d8b0d
                                                                                                                            • Opcode Fuzzy Hash: 4f3f956d22599a2b3ada84377ec0de7e49f0b4b51b9abf6308bedb4d4eb0643a
                                                                                                                            • Instruction Fuzzy Hash: 1AF0BE352043508FC325CF24D59541ABFE5EF85368B2044BEE08BC7632C275EC81CB60
                                                                                                                            Function 088CD6BD Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9055858c852ba9333a49aa9f70ac2f99dc67b22d261d854ca7f161e70cb55c27
                                                                                                                            • Instruction ID: 6af289d6eb3898dc12fa64cfbf270d044eb641d4787e4e81201d2df5a7bf3923
                                                                                                                            • Opcode Fuzzy Hash: 9055858c852ba9333a49aa9f70ac2f99dc67b22d261d854ca7f161e70cb55c27
                                                                                                                            • Instruction Fuzzy Hash: 37011474A05219AFDF00DF90D954FEEBBB2BF48304F10801AF801BB2A4CB75A941DBA1
                                                                                                                            Function 09628338 Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ccbb61595f692b8eaf156eed354daa4b5133812c1900eba7fa8bc7813327ddde
                                                                                                                            • Instruction ID: 15e809bd1350220b941fb6e3e5bb5a9cc53a99ce015ab7252cadb2442572a6aa
                                                                                                                            • Opcode Fuzzy Hash: ccbb61595f692b8eaf156eed354daa4b5133812c1900eba7fa8bc7813327ddde
                                                                                                                            • Instruction Fuzzy Hash: 49F027312097908FC3469F25E4086493FBCFF82625B200099F087CB672DB709845CB92
                                                                                                                            Function 096572D0 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bda768cb2af27936365dfa80ca13091974c55471f7a6ef40faf7288b52452047
                                                                                                                            • Instruction ID: 9884635c6ff0b97ba05c63b9d1b8060750d0806ff9c16cdc0742648921197034
                                                                                                                            • Opcode Fuzzy Hash: bda768cb2af27936365dfa80ca13091974c55471f7a6ef40faf7288b52452047
                                                                                                                            • Instruction Fuzzy Hash: 31E092327002086BCB04AE59EC90A9FBB6EEFC9210F00952AF90697251DF719C2197E5
                                                                                                                            Function 088C2F30 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86fde2dedc958f1974a35a715bb0677f45f95f68e222d956b9a91d01abbaf630
                                                                                                                            • Instruction ID: ac13113e29bc12d3c2feedfae12281dd8a0b2bcbdb06216d7702684b93c4ed99
                                                                                                                            • Opcode Fuzzy Hash: 86fde2dedc958f1974a35a715bb0677f45f95f68e222d956b9a91d01abbaf630
                                                                                                                            • Instruction Fuzzy Hash: C7F01C3A3112599BC718EF6DD55489A3BBAAFC5361714446AF5048B228DB719801CBA0
                                                                                                                            Function 0965FC40 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f6a86e36988bf239e8996e9ee36c2c7aa6df92a81b6e55e46f78dce90498574
                                                                                                                            • Instruction ID: a5329fe04fbb4e33c15d96d0fa02ec3bea8d5cbb4130caf85e7b825f7aad7723
                                                                                                                            • Opcode Fuzzy Hash: 7f6a86e36988bf239e8996e9ee36c2c7aa6df92a81b6e55e46f78dce90498574
                                                                                                                            • Instruction Fuzzy Hash: 1EF0823134D7D68FC74B8B28E8256D97FB5AF43344B0A40BBD441D7196C63C4906D7AA
                                                                                                                            Function 0965DFD1 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e7d43f8683c51732d1afa80965bdbd3690342bf056b93de6405d9674d0651c60
                                                                                                                            • Instruction ID: 4d76dee74c17b6aaaf39ff017ccb3c37fc11c2230bc47d7887926cf116551c83
                                                                                                                            • Opcode Fuzzy Hash: e7d43f8683c51732d1afa80965bdbd3690342bf056b93de6405d9674d0651c60
                                                                                                                            • Instruction Fuzzy Hash: 16F01271C00219DECB40EFB8E9011EEBBF4AF05340F20816AD819A7214E6315A518BD1
                                                                                                                            Function 096071E5 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0e1d6180ae8d2acdec3a9ec7c20b09353abe690f99894ab54c56d1c291eb8565
                                                                                                                            • Instruction ID: d0d563a079526467d1d427ed4e3dc0f5123d7a3e2f7463b4e968d393682f7c73
                                                                                                                            • Opcode Fuzzy Hash: 0e1d6180ae8d2acdec3a9ec7c20b09353abe690f99894ab54c56d1c291eb8565
                                                                                                                            • Instruction Fuzzy Hash: 33F0A9366011099FCB05DF94EA44DCDBBB6FF88314B25C2A0E5085B225C731ED55DB50
                                                                                                                            Function 0960D438 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 23cb8cb9169daebbaac5d161d2189f3607b6fcb92c9692b12c2009654a194f06
                                                                                                                            • Instruction ID: c569e1d5314441baba9142c219a8e88c0f7370e70431f67e244e7c007ba24d5d
                                                                                                                            • Opcode Fuzzy Hash: 23cb8cb9169daebbaac5d161d2189f3607b6fcb92c9692b12c2009654a194f06
                                                                                                                            • Instruction Fuzzy Hash: D9F03032914748AEC705EFB8D4105D97FB4EE85260F05869FD549D7121FB709A848792
                                                                                                                            Function 088CFF78 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57205cf1d716482d4348ac375cc9d1908d602431f2981d7a49a7b932e00a7ba5
                                                                                                                            • Instruction ID: fde803d44cb5fcb9fc71cc7c3eda762a074efa8debadbea63bc0833d2f193682
                                                                                                                            • Opcode Fuzzy Hash: 57205cf1d716482d4348ac375cc9d1908d602431f2981d7a49a7b932e00a7ba5
                                                                                                                            • Instruction Fuzzy Hash: DDE0863175021A1BD7186A8DF424BBB73CE9BC8122F54C06EB60EC76D0CDA5DC414394
                                                                                                                            Function 09651658 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7ab1e5f35e5d19ceb97c9c5901543cd538610b8a2141aa33d4869b8617724481
                                                                                                                            • Instruction ID: 31c43e5eb189f8391e12e615f0634b5a8da07597abb1b601bb179551d770fb17
                                                                                                                            • Opcode Fuzzy Hash: 7ab1e5f35e5d19ceb97c9c5901543cd538610b8a2141aa33d4869b8617724481
                                                                                                                            • Instruction Fuzzy Hash: 4CF0E535209A918FC70A2F38A8340BD7F74EF4A201709557BF806D3651DF288801C796
                                                                                                                            Function 088C2ED9 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38552640fd5a026094e30899cf3d064cc8c78d50cbf12f9e11f9596f2ac90190
                                                                                                                            • Instruction ID: 36d9699b3432fd38c6b530c63ff40388bb426d9fae4ffba980f6082e2c4b1a65
                                                                                                                            • Opcode Fuzzy Hash: 38552640fd5a026094e30899cf3d064cc8c78d50cbf12f9e11f9596f2ac90190
                                                                                                                            • Instruction Fuzzy Hash: 64F0F871D0124CEFCB01DFB4D55498DBFB4EB49210F1081EAD855D7252E6305B05CF81
                                                                                                                            Function 088CBA68 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ed89c02027f5ec2b3d608b2734c025e6d32614afac8fd7cc5412958e8eff3c8d
                                                                                                                            • Instruction ID: 9bd6c6abb59ee98ebdc28e60f161ba198130243da717ed9493d9280e00bbdb62
                                                                                                                            • Opcode Fuzzy Hash: ed89c02027f5ec2b3d608b2734c025e6d32614afac8fd7cc5412958e8eff3c8d
                                                                                                                            • Instruction Fuzzy Hash: A6E0D871300214A7C314666FF85895B7E9ED7C9320F504479F509C3340CD668C04CAB1
                                                                                                                            Function 0960C488 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f4c010dbd0dc83c9b27ee26b9319c93c48f47c844cb5e165a3f2bc1666edb3e8
                                                                                                                            • Instruction ID: e37f437aa70da5a82462dd1160da145ea7f46a943286a4ab270a106e95e629ea
                                                                                                                            • Opcode Fuzzy Hash: f4c010dbd0dc83c9b27ee26b9319c93c48f47c844cb5e165a3f2bc1666edb3e8
                                                                                                                            • Instruction Fuzzy Hash: 0DE02032303D269786046F18E01CC9DB76BFFC47153004217E40583708CF796916C7D4
                                                                                                                            Function 088C3B08 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e3b74b4a5cc58e2b50f121b6018a934f43b4a94b2addff35119c67bdab8909cc
                                                                                                                            • Instruction ID: 5fd144e849f02b1177f5c74b6ef420b4e4253b6e0d291cf971c140986a5c74df
                                                                                                                            • Opcode Fuzzy Hash: e3b74b4a5cc58e2b50f121b6018a934f43b4a94b2addff35119c67bdab8909cc
                                                                                                                            • Instruction Fuzzy Hash: BCE030301007948BC715AB2AF864B5E7FEEEBC5315F000569E14687755CAA6AC05CFA2
                                                                                                                            Function 088CDB08 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9c1d48d05c017823cc7357af20e11c087fcd9514ce0f339aff11122e787f5039
                                                                                                                            • Instruction ID: b8cbd8b9cd2d9eccc2a84231f202adfb7a5767ce6da2cc5e1f7ea2f110787a54
                                                                                                                            • Opcode Fuzzy Hash: 9c1d48d05c017823cc7357af20e11c087fcd9514ce0f339aff11122e787f5039
                                                                                                                            • Instruction Fuzzy Hash: A8F0DA70D002099F8B98DFA8D0425AEBFF4FF48301F20817FD959E2225E2344641CF91
                                                                                                                            Function 0968A678 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238323780.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9680000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 75420c452f7f51f936de8211b5aa9d1f13724a260dae59d3e7205d4cc1418845
                                                                                                                            • Instruction ID: 54b0b2c15abf38138bc77ea26626b10463eb16ed5d218769d2415b5fe3de56d3
                                                                                                                            • Opcode Fuzzy Hash: 75420c452f7f51f936de8211b5aa9d1f13724a260dae59d3e7205d4cc1418845
                                                                                                                            • Instruction Fuzzy Hash: 44F0F8B4C04208AFCB50EFA8D5446AEBFF4FB08310F00859AE85492340D7744A91DF80
                                                                                                                            Function 081D4EDA Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fa8ac6427bc188624c5f4f6652a4154702179cd079d0db38c391c919ac981cff
                                                                                                                            • Instruction ID: d0fe6b7d47462ddf52961cf219b7fe10a2cc1ef16c27ff4713da1653e36661ff
                                                                                                                            • Opcode Fuzzy Hash: fa8ac6427bc188624c5f4f6652a4154702179cd079d0db38c391c919ac981cff
                                                                                                                            • Instruction Fuzzy Hash: E4F03070E09348AFCB05DBB8E45489CBFB1EF45300F0040E9D845DB362DA344A49CB81
                                                                                                                            Function 0965DFE0 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0a982905a77d76c65b9bafc64d5b0adf03d0591c3ee8f8f76cf0f75da6660b8b
                                                                                                                            • Instruction ID: 74d132ce4a325f053490732bd90550c16b5489cebfc0411bd06e1d0bcd1f2522
                                                                                                                            • Opcode Fuzzy Hash: 0a982905a77d76c65b9bafc64d5b0adf03d0591c3ee8f8f76cf0f75da6660b8b
                                                                                                                            • Instruction Fuzzy Hash: 26F09B71D002199FCB80EFB8D9056EEBBF4AB09340F50816AD959E7214EA319A658BD2
                                                                                                                            Function 096560C0 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dff6c1645948a76d70ada5711dfcfe439b6b4b91335640af3e4c6ca66e847eb9
                                                                                                                            • Instruction ID: 58e042e465377bf4999d4b58087c7271201294a5acea436dbaab533ad56c0a8a
                                                                                                                            • Opcode Fuzzy Hash: dff6c1645948a76d70ada5711dfcfe439b6b4b91335640af3e4c6ca66e847eb9
                                                                                                                            • Instruction Fuzzy Hash: F3E07D3528D2804EC7165E70B8B1512BFA0FB42190FC944FBC543CA0E3DC184404DB71
                                                                                                                            Function 0962C89D Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a2dc5adc7ca8ce9d756f3d0b48d091e23995d4d90bf69d5a79599cd8fb6eddf6
                                                                                                                            • Instruction ID: f35f54c7b00a7736f69ebf606a30151ebcd8ef52d79040d0dde89108d413ebf8
                                                                                                                            • Opcode Fuzzy Hash: a2dc5adc7ca8ce9d756f3d0b48d091e23995d4d90bf69d5a79599cd8fb6eddf6
                                                                                                                            • Instruction Fuzzy Hash: D7F0EC3200D3C18FC70AEB31D068594BFA4EF42204B1882DFC082CF0BBEB25844ACB12
                                                                                                                            Function 088C40A8 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 742c47d772bd06b2a85ecc1db7991e7b17a9385f183c6fe99a3b8daec05289b3
                                                                                                                            • Instruction ID: e744f2765fbeff928b440ca591ce1054a02568927261cc0cec2f6355c2a5547c
                                                                                                                            • Opcode Fuzzy Hash: 742c47d772bd06b2a85ecc1db7991e7b17a9385f183c6fe99a3b8daec05289b3
                                                                                                                            • Instruction Fuzzy Hash: 04F0AC74D00208EF8F44EFA8E56555CBFB9EB84310F2045A9D405A3794EA305F449F91
                                                                                                                            Function 088CFF72 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2d4c59a2a44385b031b2af73950f7620144cf77935230ae01afbab991b17f30d
                                                                                                                            • Instruction ID: 6d573f5f64698e13fb9121b36d40d3adc0957db870913b13f4882d29c8b493d1
                                                                                                                            • Opcode Fuzzy Hash: 2d4c59a2a44385b031b2af73950f7620144cf77935230ae01afbab991b17f30d
                                                                                                                            • Instruction Fuzzy Hash: 86E02B303112165BD708575DF824A7B37CE9FCA121708C06DB90EC7791CDA4DC41C391
                                                                                                                            Function 09655C80 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9f2bc25e960a058a5f80ca6c7571a04e1b33d32006c4be0197d6bee23b261857
                                                                                                                            • Instruction ID: b533d85df13847154e957c412978ff36238852e92bbf01167bad510c5cdbe34d
                                                                                                                            • Opcode Fuzzy Hash: 9f2bc25e960a058a5f80ca6c7571a04e1b33d32006c4be0197d6bee23b261857
                                                                                                                            • Instruction Fuzzy Hash: E5E02620A053411BC311ABB8A4104013BBC9F4221875440AFE448CB203E992EC09C745
                                                                                                                            Function 09652160 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4ccca122ed67bee474d4940a5a281f9338fe35a03336923b3247c4152975d54
                                                                                                                            • Instruction ID: 614393802ca02651e200d0e51042a8f143336ca8c0e1f04a8f277cb07e56def2
                                                                                                                            • Opcode Fuzzy Hash: a4ccca122ed67bee474d4940a5a281f9338fe35a03336923b3247c4152975d54
                                                                                                                            • Instruction Fuzzy Hash: BCE02630301A159BCB14BF28E02406E7B68FF86301B40112FE807D3340DF2099408BC6
                                                                                                                            Function 0965E2F3 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c90edd674a1be161b94384fc433a6ea17b0157af2c2d76e86e561c35a7fa688e
                                                                                                                            • Instruction ID: eeab05640c8635475e5be6043673fc25df968c16167308012478b2a0ff9848cf
                                                                                                                            • Opcode Fuzzy Hash: c90edd674a1be161b94384fc433a6ea17b0157af2c2d76e86e561c35a7fa688e
                                                                                                                            • Instruction Fuzzy Hash: 52F02270A4820AEFDF12DF60C0586ADBFB1AF14300F101A5EDC03AB284CB724B82DB41
                                                                                                                            Function 0960D448 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: daa011e392b02a036f7c3950ad895f7d2207a67a17898e8fce79317d007c5f34
                                                                                                                            • Instruction ID: 67ee929d343f0f336a668a7939479853cb7925a1f30101ef8296a9d41a15cf36
                                                                                                                            • Opcode Fuzzy Hash: daa011e392b02a036f7c3950ad895f7d2207a67a17898e8fce79317d007c5f34
                                                                                                                            • Instruction Fuzzy Hash: DEE04F32914708AEC700EFBCD4144DEBBB8EE85260F048A5FE549A7210FF709680C6D2
                                                                                                                            Function 096284B8 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 110127e760b42a94feb46a00a2de0e99fd9e9ac870cc2b9a78665dd258c7f4c4
                                                                                                                            • Instruction ID: e0086369bf4cba0c570b77009cd8e36d3143de9719865704f07a3a470770b022
                                                                                                                            • Opcode Fuzzy Hash: 110127e760b42a94feb46a00a2de0e99fd9e9ac870cc2b9a78665dd258c7f4c4
                                                                                                                            • Instruction Fuzzy Hash: A2E020300493E58FC7255F79D5042927F74AF42215F1800EFE4DD8BD53D1656816CB93
                                                                                                                            Function 09655DD7 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d16f96df49733843a746518b89479cf5456a0a97e6778a87afd35fdb3ac5f28
                                                                                                                            • Instruction ID: 881ac31f39baecb8b76ef35e795fcd306015c94b5895034123e02185d7fbb49a
                                                                                                                            • Opcode Fuzzy Hash: 0d16f96df49733843a746518b89479cf5456a0a97e6778a87afd35fdb3ac5f28
                                                                                                                            • Instruction Fuzzy Hash: BCE04F3140A358BFCB078FA0D916484BF66EF0A36571880EEE9098E132C677C462DBE5
                                                                                                                            Function 0965B500 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d8b326fe3b64faeab382d6699ad25b8abb49781c56a61eb0d33fa459751ebd9e
                                                                                                                            • Instruction ID: 24aab0be639e1d1f4184bd67ffac9a63b0a7b9f3e69a23b94b9ee60724cb0132
                                                                                                                            • Opcode Fuzzy Hash: d8b326fe3b64faeab382d6699ad25b8abb49781c56a61eb0d33fa459751ebd9e
                                                                                                                            • Instruction Fuzzy Hash: 2FD017357109248F86089A1FE41885AF7EFEFD9A2131940AAE50AC3360DEA0EC028695
                                                                                                                            Function 09651668 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c9ee0b12cb0e670c4354c65e71871bca5befee8fb11065ada491e290012c3f92
                                                                                                                            • Instruction ID: cdf8b07d1fc9e89337ca8190fecba1277d83b773e98f42f4bd06c0e0b36306b1
                                                                                                                            • Opcode Fuzzy Hash: c9ee0b12cb0e670c4354c65e71871bca5befee8fb11065ada491e290012c3f92
                                                                                                                            • Instruction Fuzzy Hash: B5E0C239715A149BCB083F7DE82807DBBA9EF86241748552AF807E3300EF30D8008BC6
                                                                                                                            Function 088CBA10 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0fbaf697a5ff8c249b79121c16f275eba9f1caf0a1dccac05adf7e274f68a598
                                                                                                                            • Instruction ID: df905acf5b9d8aa4638e2f68ede0dd62c156058288516380731fc828b81111b4
                                                                                                                            • Opcode Fuzzy Hash: 0fbaf697a5ff8c249b79121c16f275eba9f1caf0a1dccac05adf7e274f68a598
                                                                                                                            • Instruction Fuzzy Hash: 01E092715052408FC71ACF36E0563033FE5DB86314F0085BAE0C2CB665CA39C846CF41
                                                                                                                            Function 0960CD78 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 97804476413adafe2e8331f524b298299aeccb0d01a3a9b289fcc0ab1ba46df8
                                                                                                                            • Instruction ID: 97d114f778a0037aa2fb641aedb2dcc8e1c4efe5792532955e0762982ddfd33e
                                                                                                                            • Opcode Fuzzy Hash: 97804476413adafe2e8331f524b298299aeccb0d01a3a9b289fcc0ab1ba46df8
                                                                                                                            • Instruction Fuzzy Hash: 97E0DF301043D0CFC77A5F35B4280E93FA5EE8636230201ABE482C22A2CB268945CF62
                                                                                                                            Function 0960CD88 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c54ef773aa8fb4df6dd90a8a62d115e2da45a6a46cf7b4f919c526135a8ab24e
                                                                                                                            • Instruction ID: 0e15983cf26c1fdd4298983558baf29b42afb8b8e15626827f137dc778644154
                                                                                                                            • Opcode Fuzzy Hash: c54ef773aa8fb4df6dd90a8a62d115e2da45a6a46cf7b4f919c526135a8ab24e
                                                                                                                            • Instruction Fuzzy Hash: 4CD01231200254CBDB756FB6B4180D57B99EB856A63010566F409C2291CF368841DA92
                                                                                                                            Function 088C2B88 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 463734ac17ede408973c1432630e576dec7d5454ca4dc6e2e1a1bd8b70fbb6b9
                                                                                                                            • Instruction ID: efb1627e732b10f836da0305493c2b79fb19a5f07fe6cc62d52036eb1eb2cd70
                                                                                                                            • Opcode Fuzzy Hash: 463734ac17ede408973c1432630e576dec7d5454ca4dc6e2e1a1bd8b70fbb6b9
                                                                                                                            • Instruction Fuzzy Hash: FFD0123130415457860526ADB43886E3BAEEAC5B61B0400AAE11783680CE555D058BDA
                                                                                                                            Function 0962D65A Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b89a6ef6bb61f7f9cf585543660f09792fd20f2238348d19ae923163d994294c
                                                                                                                            • Instruction ID: 79fbc2e62ec356b29bbe1219c546cd245ab601c71dd816196fda8cbd9866c043
                                                                                                                            • Opcode Fuzzy Hash: b89a6ef6bb61f7f9cf585543660f09792fd20f2238348d19ae923163d994294c
                                                                                                                            • Instruction Fuzzy Hash: BAD02B35500211CFC7558F54A0118D6FBF4FE46214314C197DC08CB212C7354D478BD0
                                                                                                                            Function 081D4EE8 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a0a9250a729c1667e3ff19df257cb82e66e573e0ff6ef6ae8932c0dbda59e91f
                                                                                                                            • Instruction ID: 779e54313bd8528acbc669a4bf5ecf97d532496347e575b6c881d0866cceea8b
                                                                                                                            • Opcode Fuzzy Hash: a0a9250a729c1667e3ff19df257cb82e66e573e0ff6ef6ae8932c0dbda59e91f
                                                                                                                            • Instruction Fuzzy Hash: 90E09274E4530CAFCB44EFA8E55559DBBB9EF48300F0085A99809A7354EA345A498F81
                                                                                                                            Function 09652AF2 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 791cb8ca6b547868b8807eab33f67283c9d958a0e9e6c10c4c8f70a4849f3db2
                                                                                                                            • Instruction ID: d573311ff8e0fb632ee34d022da4abe7f597e0432288fd062666de32343b05c6
                                                                                                                            • Opcode Fuzzy Hash: 791cb8ca6b547868b8807eab33f67283c9d958a0e9e6c10c4c8f70a4849f3db2
                                                                                                                            • Instruction Fuzzy Hash: ADE01A35A00119CBCF60EF50EC54B9DFB31FB44315F508096E54AE2260DF315999DF51
                                                                                                                            Function 0965CF50 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 25147bbdf7defa52e46847c77dfb37f7faeea235d7a71b1a80c3f1564216c188
                                                                                                                            • Instruction ID: 91e8a0127ef21447605f6d2e4b4d9826cb9fac9cec137c5da0c866bd6f72b30e
                                                                                                                            • Opcode Fuzzy Hash: 25147bbdf7defa52e46847c77dfb37f7faeea235d7a71b1a80c3f1564216c188
                                                                                                                            • Instruction Fuzzy Hash: DED05E327100609F87089F1EE4048AABBEFDFDD62132540ABE109C7322CA71EC03C791
                                                                                                                            Function 096516A8 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 22e9a8e0da6bfbaaef133c29818cba5d29fbbbc4d914d0cd878ae282df569fe2
                                                                                                                            • Instruction ID: 54d8a9c8da1edc80515bb25931ab946b6611a4a780e14c115aa9e7542c77519a
                                                                                                                            • Opcode Fuzzy Hash: 22e9a8e0da6bfbaaef133c29818cba5d29fbbbc4d914d0cd878ae282df569fe2
                                                                                                                            • Instruction Fuzzy Hash: F1E0263010A7918FC3278A1082243A17FE0AB8A724F0914AFD487C2D51C728A441CB44
                                                                                                                            Function 088C6F80 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 24e5e31a39c4b28c507cb4e2283c471599171d6913970b721276d01ff3120f9e
                                                                                                                            • Instruction ID: 305b119f8e3092bdb81a20780e02054daf68c5f6c68b39d1d9b42a887679ea61
                                                                                                                            • Opcode Fuzzy Hash: 24e5e31a39c4b28c507cb4e2283c471599171d6913970b721276d01ff3120f9e
                                                                                                                            • Instruction Fuzzy Hash: E5E0C23260A3E05FC7026F29B8500857FB0EDC621435C40DBD49ACF143E260881FCB62
                                                                                                                            Function 088C6081 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2a9f72b46a2caa9c8c06e727571849917c4b338630f744e9f1c1602e4aa0c51b
                                                                                                                            • Instruction ID: 78aa71af7e3e88bf518e3af5b60abc6512e7901c12c9c60b56c89751e4c70a8d
                                                                                                                            • Opcode Fuzzy Hash: 2a9f72b46a2caa9c8c06e727571849917c4b338630f744e9f1c1602e4aa0c51b
                                                                                                                            • Instruction Fuzzy Hash: F0E0D871D043208FC705DB29F4A75497FF5FB88348B0549BEE9868B199CB658A05CF81
                                                                                                                            Function 088CDB18 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c11bc50532bd3f3ade6f120d963893fe71cb4025560865e20538117685304f0a
                                                                                                                            • Instruction ID: 5d31c51da75e07b00dbb29406bc21e482980f8117d20f751bdd0f4ff03b0e9ac
                                                                                                                            • Opcode Fuzzy Hash: c11bc50532bd3f3ade6f120d963893fe71cb4025560865e20538117685304f0a
                                                                                                                            • Instruction Fuzzy Hash: 69E092B1D0420D9F8B84EFA9D4415BEBFF4AB48301F10816AE958E3254E7345A51CFD1
                                                                                                                            Function 081D4EB0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dea2cffdbf5f5f84bfd158b72c9febe137365be97801f600ae83c2b640f025c8
                                                                                                                            • Instruction ID: 43b9b9ed65cb691ec3c8caff104d86148e07febb783fecdf6660b691162f10bd
                                                                                                                            • Opcode Fuzzy Hash: dea2cffdbf5f5f84bfd158b72c9febe137365be97801f600ae83c2b640f025c8
                                                                                                                            • Instruction Fuzzy Hash: 31D0C96058F3CC7FC313876DAC518D5BF699E4B221B0A00C6F9858F233C467592993A2
                                                                                                                            Function 09655C90 Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5e8f4c8f8ac87911d9b540f04cb7e72042a0678b32373828c4104f80ecf143eb
                                                                                                                            • Instruction ID: 4b801ca522964f68b46f1a611418d747f31bd81b0d037d83475054a44c83d082
                                                                                                                            • Opcode Fuzzy Hash: 5e8f4c8f8ac87911d9b540f04cb7e72042a0678b32373828c4104f80ecf143eb
                                                                                                                            • Instruction Fuzzy Hash: 5AD02231F00306274320EEADA4525027BDE4B8A220390407AF94DC3300FD91FC488398
                                                                                                                            Function 09626BE0 Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238156910.0000000009620000.00000040.00000800.00020000.00000000.sdmp, Offset: 09620000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9620000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 27b25aa466b510b242d015ffc57473c58cee1a369dd4bb471a2b6843b192b7d8
                                                                                                                            • Instruction ID: 2a3c60e42da05fbba5f0bf95c2ca9657703ee8d9626dae8e25b6f0cd3f3b2faa
                                                                                                                            • Opcode Fuzzy Hash: 27b25aa466b510b242d015ffc57473c58cee1a369dd4bb471a2b6843b192b7d8
                                                                                                                            • Instruction Fuzzy Hash: 1AD0A7343002109FC2009718D458D9677EDEB88B21F004096F905CB360CEB1EC008BC0
                                                                                                                            Function 081D6B10 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a964f98d1f170b145d91384dc14113f781c8c26a3d909ef0d9cb7945afa07222
                                                                                                                            • Instruction ID: 9438b0790b554ca844f7d1c852536a667a430ffc61676fdfcaccef3abc5fdab6
                                                                                                                            • Opcode Fuzzy Hash: a964f98d1f170b145d91384dc14113f781c8c26a3d909ef0d9cb7945afa07222
                                                                                                                            • Instruction Fuzzy Hash: FBD02E2824E3C04FC3034B349C18A967FB39FC2245B0680CBE0818F177CA388448CB12
                                                                                                                            Function 09655DE8 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 53999fb02b18b58871a4d089a90d6601f14cb664a98911304c8b2b5e67536ce0
                                                                                                                            • Instruction ID: 3627ae1ca1e5832a83a3615a33838232a7df205634515c97f1460ed271ab1cd7
                                                                                                                            • Opcode Fuzzy Hash: 53999fb02b18b58871a4d089a90d6601f14cb664a98911304c8b2b5e67536ce0
                                                                                                                            • Instruction Fuzzy Hash: DFD0C736101214FBCB065F94DD10895BF69EF1D76971480ADF5095A221C773D473DBD4
                                                                                                                            Function 081D65E7 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fce83edc17fe860b75deafca196ea848fdb72483f8a9baf261fa20fbf1c128fe
                                                                                                                            • Instruction ID: f901cb541fd7ede31e193718a763daae9418a67f1fc11a032802eba0a51de140
                                                                                                                            • Opcode Fuzzy Hash: fce83edc17fe860b75deafca196ea848fdb72483f8a9baf261fa20fbf1c128fe
                                                                                                                            • Instruction Fuzzy Hash: A9D05E300493C54EC7126F24E0848847F70DE022143251ADAE0C8CB423C975485ACB05
                                                                                                                            Function 081D5DC1 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6695f285e30f2b037f387181090ba68a97a6a5f833421a95a91cdd21b1bf9ab
                                                                                                                            • Instruction ID: d9a01d7f08652e593346d599a5f7a63c88ef84e7a7d80d714f5f51546eecb74b
                                                                                                                            • Opcode Fuzzy Hash: d6695f285e30f2b037f387181090ba68a97a6a5f833421a95a91cdd21b1bf9ab
                                                                                                                            • Instruction Fuzzy Hash: B2D0123009938D1FC3035724AD119C03F3D9D4621674C51A2E4449A47BC658295987A5
                                                                                                                            Function 096522C7 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 050f5a2375ecd5d7ad579da2b7bedf84a46bff22eb065405ce2f3a9bea00975b
                                                                                                                            • Instruction ID: 45cd99ceafaa2289b009b4ba53dea2d0cdc325f9ac003aaf5495f4e499c4a982
                                                                                                                            • Opcode Fuzzy Hash: 050f5a2375ecd5d7ad579da2b7bedf84a46bff22eb065405ce2f3a9bea00975b
                                                                                                                            • Instruction Fuzzy Hash: 50D05E3001A781CDC306BF748404058BB30FFA3300F0485AFC0815A222EE359089CB52
                                                                                                                            Function 0960CC98 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c33264f51f44a3991ab8adaa14b37eb70825afc33d20e8fff6f9cc7993b80cc
                                                                                                                            • Instruction ID: 1491ddfb39c8790e88d3a92acf6dcb4e49cfac3613e93d5b9b54add464701e05
                                                                                                                            • Opcode Fuzzy Hash: 7c33264f51f44a3991ab8adaa14b37eb70825afc33d20e8fff6f9cc7993b80cc
                                                                                                                            • Instruction Fuzzy Hash: DBC01235A402559FDBA85FA5A1552EA3BE8EF90252B144126E54FC02A2CA2180049F51
                                                                                                                            Function 081D5D98 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8b90d14a0d52e0561797c5d601c9abc6d8029d06e6ea608a296dcc99f4914f9b
                                                                                                                            • Instruction ID: 9c79d849784364d591a7c6a45bea7bfd69c9172dfa38cb3d3735eab98ffff130
                                                                                                                            • Opcode Fuzzy Hash: 8b90d14a0d52e0561797c5d601c9abc6d8029d06e6ea608a296dcc99f4914f9b
                                                                                                                            • Instruction Fuzzy Hash: D5D0122022A3C51BCB0392394E614D47F628BC720634C849AD0809F2A7CA28980A8BA2
                                                                                                                            Function 0960CCA0 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238103277.0000000009600000.00000040.00000800.00020000.00000000.sdmp, Offset: 09600000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9600000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7030d261fb64f27407ccfd6b48fcd5ff20f2d9c0927b89ab60ee4688f9357011
                                                                                                                            • Instruction ID: 77777ea4a6981dbd518c4499c3b9f7a93b0b15ba69421cd133191b2fc4b0d103
                                                                                                                            • Opcode Fuzzy Hash: 7030d261fb64f27407ccfd6b48fcd5ff20f2d9c0927b89ab60ee4688f9357011
                                                                                                                            • Instruction Fuzzy Hash: FDC08C302409484BDAA05FE2B91833A338CC780601F040021F40EC02C2EE189400A552
                                                                                                                            Function 0965A4B8 Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98513071b93770af5062fe9f3ad4dfa2fc73dbc48f9de48e33da8ef3035ee4cd
                                                                                                                            • Instruction ID: 8700a42d03becd353009a279ec60cfd0583eef14b91661975ad8fbafb22e48ed
                                                                                                                            • Opcode Fuzzy Hash: 98513071b93770af5062fe9f3ad4dfa2fc73dbc48f9de48e33da8ef3035ee4cd
                                                                                                                            • Instruction Fuzzy Hash: 47D05E7094C3C04ECF03DF329D6A4043F309E02300742428AD0888E067DE109004C751
                                                                                                                            Function 0965C660 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d36cb798322b211e9311ad08044f0e779a8749fc49e875db322451f82932cd5b
                                                                                                                            • Instruction ID: 3a81e3a0086a9dbf1037df6199b246fc66ce179e9a0719505d4d6e4561e6e98e
                                                                                                                            • Opcode Fuzzy Hash: d36cb798322b211e9311ad08044f0e779a8749fc49e875db322451f82932cd5b
                                                                                                                            • Instruction Fuzzy Hash: 3EC04C353405048FC344DB5DD445C55F7E9EF9C615315C0A5E509CB332D632FC52DA54
                                                                                                                            Function 081D6B20 Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0db5220e8aa50e9652ff43e31a2135a95d2258c9927093191e8e3117e2c918fe
                                                                                                                            • Instruction ID: 49bf2dd16b61f94ca3b3aa7bac0f05e9968992cc81c56aed708a8b494602b6c5
                                                                                                                            • Opcode Fuzzy Hash: 0db5220e8aa50e9652ff43e31a2135a95d2258c9927093191e8e3117e2c918fe
                                                                                                                            • Instruction Fuzzy Hash: B1C08CBC6001004FD3058F348C48B2BBAEBEFE8302F12D41EA10186268CA38C885CA69
                                                                                                                            Function 096505F0 Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1ea6a6f0302d1ce002e6e13e7ac45b69bcef984fd487fefba2bf34c94b7833d
                                                                                                                            • Instruction ID: 92be97211d20f9e9d9f734491f147bf54e6836cfb866285796579451055c4b0f
                                                                                                                            • Opcode Fuzzy Hash: c1ea6a6f0302d1ce002e6e13e7ac45b69bcef984fd487fefba2bf34c94b7833d
                                                                                                                            • Instruction Fuzzy Hash: 05C08C2030C2C407DF019EE4E0303653776E7C2B00F0080D1E4A183A89C6208880CE63
                                                                                                                            Function 09651A3F Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3238241163.0000000009650000.00000040.00000800.00020000.00000000.sdmp, Offset: 09650000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_9650000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d4de792db7e55eb863f3b558ee4aee2030cb50a273f672970e506e5d45334880
                                                                                                                            • Instruction ID: 77d20ec00d79ab08e1d6a66eed57fe9d33a5505441710f361f402dbe1a64e186
                                                                                                                            • Opcode Fuzzy Hash: d4de792db7e55eb863f3b558ee4aee2030cb50a273f672970e506e5d45334880
                                                                                                                            • Instruction Fuzzy Hash: 9FC04C70505345E6F7597FB0951C165B331FFA6349F28C4AA800595294CE324046DB11
                                                                                                                            Function 081D5DD0 Relevance: .0, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a1925bf4935975dd5a5850035c6ed7b22b15e3a4b07f4ffeecf382c62e3e0213
                                                                                                                            • Instruction ID: 0443f1710d1243d6bb1a1ac5cccfb89c8ab262e1db942d98b3aee4d389f6126d
                                                                                                                            • Opcode Fuzzy Hash: a1925bf4935975dd5a5850035c6ed7b22b15e3a4b07f4ffeecf382c62e3e0213
                                                                                                                            • Instruction Fuzzy Hash: 30B0123105030D4FC5006F55F906E443B1CDE44209B402630B00C05026DFB86C898B88
                                                                                                                            Function 081D65F8 Relevance: .0, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3235804529.00000000081D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_81d0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96ec172260201e280365272d814fe283855424c01f65c93e44350b0ff3eb9181
                                                                                                                            • Instruction ID: 8f554516cb044bd9f1b1a8e4e5c22f08603cfcff9d7f3b84a75e62c5de35102a
                                                                                                                            • Opcode Fuzzy Hash: 96ec172260201e280365272d814fe283855424c01f65c93e44350b0ff3eb9181
                                                                                                                            • Instruction Fuzzy Hash: 3EB0123008030D8FC6006F66F405D083B2CEF4020C7503261B00C45126DE787D8E8A88
                                                                                                                            Function 088CADC8 Relevance: .0, Instructions: 5COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.3236162552.00000000088C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088C0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_88c0000_WCDVlB5SDr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0d1e74207ea5343c6304c3e99ba691074c0603c842ce4d2c682478804012ab5
                                                                                                                            • Instruction ID: fe6cb36ea02c279f116e0f3761abeab64a278283312fbefe0bf88106243f4de6
                                                                                                                            • Opcode Fuzzy Hash: f0d1e74207ea5343c6304c3e99ba691074c0603c842ce4d2c682478804012ab5
                                                                                                                            • Instruction Fuzzy Hash: 8FA012B0802500CF4F498E7182440163650AD517413100048D84768460C7380103C602