Windows Analysis Report
PO 059420.exe

Overview

General Information

Sample Name:PO 059420.exe
Analysis ID:715096
MD5:139deb18239c1db30775b256717b91a6
SHA1:3539a4b24d8f5b601d99a2239f5f18e17cd5fb04
SHA256:5f2a513bb02d1432e658ac0d65327d0ed56f6a4f1e014de8e4ff50fcf738ca93
Tags:exeJustClickAm-com
Infos:

Detection

NetWire
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Yara detected NetWire RAT
Sigma detected: Scheduled temp file as task from temp location
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • PO 059420.exe (PID: 4600 cmdline: C:\Users\user\Desktop\PO 059420.exe MD5: 139DEB18239C1DB30775B256717B91A6)
    • schtasks.exe (PID: 6136 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • PO 059420.exe (PID: 1916 cmdline: {path} MD5: 139DEB18239C1DB30775B256717B91A6)
      • Host.exe (PID: 5188 cmdline: "C:\Users\user\AppData\Roaming\Install\Host.exe" MD5: 139DEB18239C1DB30775B256717B91A6)
        • schtasks.exe (PID: 4756 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmp46B4.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 5556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Host.exe (PID: 4140 cmdline: {path} MD5: 139DEB18239C1DB30775B256717B91A6)
        • MpCmdRun.exe (PID: 4756 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
          • conhost.exe (PID: 5188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["37.0.14.206:3384"], "Password": "Password234", "Host ID": "HostId-%Rand%", "Mutex": "-", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-"}
Source: 00000003.00000002.323599749.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security
Source: 00000003.00000002.323643134.0000000000423000.00000040.00000400.00020000.00000000.sdmp, Rule: netwire, Description: detect netwire in memory, Author: JPCERT/CC Incident Response Group, Strings: 0x3cc:$v1: HostId-%Rand%
Source: 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security
Source: 00000000.00000002.324385254.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security
Source: 00000003.00000000.319873179.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security

Source: 0.2.PO 059420.exe.4037e10.2.unpack, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security
Source: 3.0.PO 059420.exe.400000.0.unpack, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security
Source: 0.2.PO 059420.exe.4037e10.2.raw.unpack, Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Author: Joe Security

                Persistence and Installation Behavior

                Source: Process started, Author: Joe Security, Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\PO 059420.exe, ParentImage: C:\Users\user\Desktop\PO 059420.exe, ParentProcessId: 4600, ParentProcessName: PO 059420.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp, ProcessId: 6136, ProcessName: schtasks.exe
                Timestamp: 10/03/22-16:17:34.145888
                Source IP: 37.0.14.206
                Destination IP: 192.168.2.5
                SID: 2837546
                Source Port: 3384
                Destination Port: 49705
                Protocol: TCP
                Classtype: A Network Trojan was detected

                AV Detection

                Source: PO 059420.exe, ReversingLabs: Detection: 38%
                Source: PO 059420.exe, Virustotal: Detection: 32%
                Source: 37.0.14.206:3384, Avira URL Cloud: Label: malware
                Source: 37.0.14.206:3384, Virustotal: Detection: 14%
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe, ReversingLabs: Detection: 38%
                Source: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe, ReversingLabs: Detection: 38%
                Source: PO 059420.exe, Joe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe, Joe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe, Joe Sandbox ML: detected
                Source: 0.2.PO 059420.exe.4037e10.2.raw.unpack, Malware Configuration Extractor: NetWire {"C2 list": ["37.0.14.206:3384"], "Password": "Password234", "Host ID": "HostId-%Rand%", "Mutex": "-", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-"}
                Source: PO 059420.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: PO 059420.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Networking

                Source: Traffic, Snort IDS: 2837546 ETPRO TROJAN Netwire RAT Check-in 37.0.14.206:3384 -> 192.168.2.5:49705
                Source: Malware configuration extractor, URLs: 37.0.14.206:3384
                Source: Joe Sandbox View, ASN Name: WKD-ASIE WKD-ASIE
                Source: Joe Sandbox View, IP Address: 37.0.14.206 37.0.14.206
                Source: global traffic, TCP traffic: 192.168.2.5:49705 -> 37.0.14.206:3384
                Source: unknown, TCP traffic detected without corresponding DNS query: 37.0.14.206

                System Summary

                Source: 00000003.00000002.323643134.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
                Source: 00000008.00000002.564992152.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
                Source: Process Memory Space: PO 059420.exe PID: 1916, type: MEMORYSTR, Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
                Source: Process Memory Space: Host.exe PID: 4140, type: MEMORYSTR, Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
                Source: PO 059420.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 00000003.00000002.323643134.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
                Source: 00000008.00000002.564992152.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
                Source: Process Memory Space: PO 059420.exe PID: 4600, type: MEMORYSTR, Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
                Source: Process Memory Space: PO 059420.exe PID: 1916, type: MEMORYSTR, Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
                Source: Process Memory Space: Host.exe PID: 5188, type: MEMORYSTR, Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
                Source: Process Memory Space: Host.exe PID: 4140, type: MEMORYSTR, Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
                Source: PO 059420.exe, 00000000.00000002.341458607.00000000082B0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameQuestKingdom.dllH vs PO 059420.exe
                Source: PO 059420.exe, 00000000.00000002.324734583.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMajorRevision.exe< vs PO 059420.exe
                Source: PO 059420.exe, 00000000.00000002.341543894.00000000084A0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMajorRevision.exe< vs PO 059420.exe
                Source: PO 059420.exe, 00000000.00000002.328094627.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameP2mI.exe> vs PO 059420.exe
                Source: PO 059420.exe, 00000000.00000002.328094627.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMajorRevision.exe< vs PO 059420.exe
                Source: PO 059420.exe, 00000000.00000002.328094627.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameQuestKingdom.dllH vs PO 059420.exe
                Source: PO 059420.exe, 00000003.00000002.324243547.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameP2mI.exe> vs PO 059420.exe
                Source: PO 059420.exe, Binary or memory string: OriginalFilenameP2mI.exe> vs PO 059420.exe
                Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\Install\Host.exe 5F2A513BB02D1432E658AC0D65327D0ED56F6A4F1E014DE8E4FF50FCF738CA93
                Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe 5F2A513BB02D1432E658AC0D65327D0ED56F6A4F1E014DE8E4FF50FCF738CA93
                Source: PO 059420.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: pgzBzcEDZDX.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Host.exe.3.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\PO 059420.exe, File read: C:\Users\user\Desktop\PO 059420.exe
                Source: C:\Users\user\Desktop\PO 059420.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknown, Process created: C:\Users\user\Desktop\PO 059420.exe C:\Users\user\Desktop\PO 059420.exe
                Source: C:\Users\user\Desktop\PO 059420.exe, Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp
                Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\PO 059420.exe, Process created: C:\Users\user\Desktop\PO 059420.exe {path}
                Source: C:\Users\user\Desktop\PO 059420.exe, Process created: C:\Users\user\AppData\Roaming\Install\Host.exe "C:\Users\user\AppData\Roaming\Install\Host.exe"
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe, Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmp46B4.tmp
                Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe, Process created: C:\Users\user\AppData\Roaming\Install\Host.exe {path}
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe, Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                Source: C:\Program Files\Windows Defender\MpCmdRun.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\PO 059420.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
                Source: C:\Users\user\Desktop\PO 059420.exe File created: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe
                Source: C:\Users\user\Desktop\PO 059420.exe File created: C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp
                Source: classification engine Classification label: mal100.troj.evad.winEXE@15/7@0/1
                Source: C:\Users\user\Desktop\PO 059420.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: PO 059420.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\PO 059420.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1544:120:WilError_01
                Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5188:120:WilError_01
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Mutant created: \Sessions\1\BaseNamedObjects\-
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Mutant created: \Sessions\1\BaseNamedObjects\czdggpDWYATzBvcsCf
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5556:120:WilError_01
                Source: PO 059420.exe, 00000000.00000003.305553675.0000000005DED000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Segoe is a trademark of the Microsoft group of companies.slnt
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\PO 059420.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: PO 059420.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: PO 059420.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_07822C10 pushfd ; retf 0_2_07822C11
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_07821B08 pushfd ; ret 0_2_07821B09
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_07821A90 push eax; ret 0_2_07821A91
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_0E0F558D push FFFFFF8Bh; iretd 0_2_0E0F558F
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_0E0F1A23 push cs; ret 0_2_0E0F1A28
                Source: C:\Users\user\Desktop\PO 059420.exe Code function: 0_2_0E0F1973 push cs; iretd 0_2_0E0F1974
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Code function: 4_2_05512C10 pushfd ; retf 4_2_05512C11
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Code function: 4_2_05511B08 pushfd ; ret 4_2_05511B09
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Code function: 4_2_05511A90 push eax; ret 4_2_05511A91
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Code function: 4_2_0D33557A push dword ptr [edx+ebp*2-75h]; iretd 4_2_0D335587
                Source: initial sample Static PE information: section name: .text entropy: 7.8243407891344505
                Source: C:\Users\user\Desktop\PO 059420.exe File created: C:\Users\user\AppData\Roaming\Install\Host.exe
                Source: C:\Users\user\Desktop\PO 059420.exe File created: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe

                Boot Survival

                Source: C:\Users\user\Desktop\PO 059420.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp
                Source: C:\Users\user\Desktop\PO 059420.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: PO 059420.exe PID: 4600, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Host.exe PID: 5188, type: MEMORYSTR
                Source: PO 059420.exe, 00000000.00000002.324385254.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
                Source: PO 059420.exe, 00000000.00000002.324385254.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\PO 059420.exe TID: 5312 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe TID: 1008 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\PO 059420.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\PO 059420.exe Process information queried: ProcessInformation
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
                Source: Host.exe, 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                Source: PO 059420.exe, 00000003.00000002.324243547.00000000011B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\PO 059420.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\PO 059420.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\PO 059420.exe Memory written: C:\Users\user\Desktop\PO 059420.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Install\Host.exe Memory written: C:\Users\user\AppData\Roaming\Install\Host.exe base: 400000 value starts with: 4D5A
                Source: Host.exe, 00000008.00000002.565089772.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: Program Manager
                Source: C:\Users\user\Desktop\PO 059420.exe Queries volume information: C:\Users\user\Desktop\PO 059420.exe VolumeInformation
                Source: C:\Users\user\Desktop\PO 059420.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO 059420.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO 059420.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO 059420.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO 059420.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Install\Host.exe | Queries volume information: C:\Users\user\AppData\Roaming\Install\Host.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Install\Host.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Install\Host.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Install\Host.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Install\Host.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\PO 059420.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Remote Access Functionality

Source: Yara match | File source: 0.2.PO 059420.exe.4037e10.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.0.PO 059420.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.PO 059420.exe.4037e10.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.323599749.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.324385254.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000000.319873179.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.328094627.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO 059420.exe PID: 4600, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: PO 059420.exe PID: 1916, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Host.exe PID: 5188, type: MEMORYSTR

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 112 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 112 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Software Packing | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |

[Behavior graph: ID 715096, Sample: PO 059420.exe, Start date: 03/10/2022, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| PO 059420.exe | 38% | ReversingLabs | ByteCode-MSIL.Backdoor.NetWiredRc |
| PO 059420.exe | 32% | Virustotal | |
| PO 059420.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Roaming\Install\Host.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Roaming\Install\Host.exe | 38% | ReversingLabs | ByteCode-MSIL.Backdoor.NetWiredRc |
| C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe | 38% | ReversingLabs | ByteCode-MSIL.Backdoor.NetWiredRc |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 3.0.PO 059420.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1250673 |

No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
| http://www.tiro.com | 0% | URL Reputation | safe |
| http://www.fontbureau.comceta | 0% | URL Reputation | safe |
| http://www.goodfont.co.kr | 0% | URL Reputation | safe |
| http://www.fontbureau.coma | 0% | URL Reputation | safe |
| http://en.w | 0% | URL Reputation | safe |
| http://www.carterandcone.coml | 0% | URL Reputation | safe |
| http://www.sajatypeworks.com | 0% | URL Reputation | safe |
| http://www.typography.netD | 0% | URL Reputation | safe |
| http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
| http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
| http://fontfabrik.com | 0% | URL Reputation | safe |
| http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
| http://www.monotype. | 0% | URL Reputation | safe |
| http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
| 37.0.14.206:3384 | 15% | Virustotal | |
| 37.0.14.206:3384 | 100% | Avira URL Cloud | malware |
| http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
| http://www.sandoll.co.kr | 0% | URL Reputation | safe |
| http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
| http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
| http://www.tiro.comg | 0% | Avira URL Cloud | safe |
| http://www.sakkal.com | 0% | URL Reputation | safe |
| http://www.founder.com.cn/cn/4 | 0% | Avira URL Cloud | safe |
| http://www.founder.com.cn/cn/4 | 1% | Virustotal | |

                No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| 37.0.14.206:3384 | true | 15%, Virustotal; Avira URL Cloud: malware | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 37.0.14.206 | unknown | Netherlands | 198301 | WKD-ASIE | true |

Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 715096
Start date and time: 2022-10-03 16:16:09 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 24s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: PO 059420.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@15/7@0/1
EGA Information:
• Successful, ratio: 100%
HDC Information: Failed
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 244
• Number of non-executed functions: 31
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Excluded domains from analysis (whitelisted): login.live.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
|---|---|---|
| 16:17:10 | API Interceptor | 1x Sleep call for process: PO 059420.exe modified |
| 16:17:25 | API Interceptor | 1x Sleep call for process: Host.exe modified |
| 16:17:59 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified |

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| 37.0.14.206 | PO 07397693 AUGUST.xls | malicious | |
| 37.0.14.206 | PO 07397693.xls | malicious | |
| 37.0.14.206 | qKYRmdNGRY.exe | malicious | |
| 37.0.14.206 | 9Agk3L0W2j.exe | malicious | |
| 37.0.14.206 | xaicaYBQ5l.exe | malicious | |
| 37.0.14.206 | RFQ 0744236940.xll.dll | malicious | |
| 37.0.14.206 | Order_2609220047785.xll.dll | malicious | |
| 37.0.14.206 | PO 074964.xll.dll | malicious | |
| 37.0.14.206 | image2021042GFREDS12322ERDQ1DOC03027382DOC202.exe | malicious | |
| 37.0.14.206 | U75xJQR4a0.exe | malicious | |
| 37.0.14.206 | xC4pjPfcvN.exe | malicious | |
| 37.0.14.206 | RFQ - 0740089380 WIpak Oy July.xlsx | malicious | |
| 37.0.14.206 | PO -002784.xlsx | malicious | |
| 37.0.14.206 | 85m6riZZ9Q.exe | malicious | |
| 37.0.14.206 | OBTLWkeJIt.exe | malicious | |
| 37.0.14.206 | Contract Wipak Oy 2022.pdf.exe | malicious | |
| 37.0.14.206 | PO-92059.doc.exe | malicious | |
| 37.0.14.206 | PO-92059.doc.exe | malicious | |
| 37.0.14.206 | zm5MfJ24oH.exe | malicious | |
| 37.0.14.206 | purchase order.exe | malicious | |

                                                                              No context
Match: WKD-ASIE
Associated Sample Name / URL, Detection, Context:
• PO 07397693 AUGUST.xls, Detection: malicious, Context: 37.0.14.206
• PO 07397693.xls, Detection: malicious, Context: 37.0.14.206
• qKYRmdNGRY.exe, Detection: malicious, Context: 37.0.14.206
• FAKTURA.exe, Detection: malicious, Context: 37.0.14.207
• 9Agk3L0W2j.exe, Detection: malicious, Context: 37.0.14.206
• xaicaYBQ5l.exe, Detection: malicious, Context: 37.0.14.206
• invoice56373838373.js, Detection: malicious, Context: 37.0.14.197
• 7140765CD0D5F61BB453F0511E24786E21D950C2CB3B3.exe, Detection: malicious, Context: 37.0.8.235
• PAYMENTADVICE290922.exe, Detection: malicious, Context: 37.0.14.212
• Shipping Documents.js, Detection: malicious, Context: 37.0.14.201
• Payments 0922.js, Detection: malicious, Context: 37.0.14.211
• Original Documents.js, Detection: malicious, Context: 37.0.14.211
• PI98947.exe, Detection: malicious, Context: 37.0.14.209
• SecuriteInfo.com.W32.Injector.EADG-7386.17345.exe, Detection: malicious, Context: 37.0.14.216
• RFQ 0744236940.xll.dll, Detection: malicious, Context: 37.0.14.206
• Order_2609220047785.xll.dll, Detection: malicious, Context: 37.0.14.206
• Paymenta 09262022.js, Detection: malicious, Context: 37.0.14.211
• attached transfer request.exe, Detection: malicious, Context: 37.0.14.199
• PO 074964.xll.dll, Detection: malicious, Context: 37.0.14.206
• POSEP006.js, Detection: malicious, Context: 37.0.14.204
                                                                              No context
Match: C:\Users\user\AppData\Roaming\pgzBzcEDZDX.exe
• PO 07397693 AUGUST.xls, Detection: malicious
• PO 07397693.xls, Detection: malicious
Match: C:\Users\user\AppData\Roaming\Install\Host.exe
• PO 07397693 AUGUST.xls, Detection: malicious
• PO 07397693.xls, Detection: malicious
                                                                                      Process:C:\Users\user\AppData\Roaming\Install\Host.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.355304211458859
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHY
                                                                                      MD5:69206D3AF7D6EFD08F4B4726998856D3
                                                                                      SHA1:E778D4BF781F7712163CF5E2F5E7C15953E484CF
                                                                                      SHA-256:A937AD22F9C3E667A062BA0E116672960CD93522F6997C77C00370755929BA87
                                                                                      SHA-512:CD270C3DF75E548C9B0727F13F44F45262BD474336E89AAEBE56FABFE8076CD4638F88D3C0837B67C2EB3C54055679B07E4212FB3FEDBF88C015EB5DBBCD7FF8
                                                                                      Malicious:false
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                      Process:C:\Users\user\Desktop\PO 059420.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1216
                                                                                      Entropy (8bit):5.355304211458859
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHY
                                                                                      MD5:69206D3AF7D6EFD08F4B4726998856D3
                                                                                      SHA1:E778D4BF781F7712163CF5E2F5E7C15953E484CF
                                                                                      SHA-256:A937AD22F9C3E667A062BA0E116672960CD93522F6997C77C00370755929BA87
                                                                                      SHA-512:CD270C3DF75E548C9B0727F13F44F45262BD474336E89AAEBE56FABFE8076CD4638F88D3C0837B67C2EB3C54055679B07E4212FB3FEDBF88C015EB5DBBCD7FF8
                                                                                      Malicious:true
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                      Process:C:\Users\user\AppData\Roaming\Install\Host.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1648
                                                                                      Entropy (8bit):5.18220300174711
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB15Utn:cbhC7ZlNQF/rydbz9I3YODOLNdq3f5S
                                                                                      MD5:E1874C0A9C2B1DDAB8202382FC80BCF5
                                                                                      SHA1:33D83EB67CFBD22D86041D6C9518FCEDBB11B47E
                                                                                      SHA-256:0E8924A5E0A52533F1154C4B62EF6AAC85DCDF02AE905DDB99A3AE4B5FB1CAF3
                                                                                      SHA-512:5C0A229DDDB86190A226189BB0398159BD561ACAD32143077D91328B1BF5D40CCC205313A5A7790BA330E8E088C28954E55A5B2263C371E016F6FF497B01390F
                                                                                      Malicious:false
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                                                                      Process:C:\Users\user\Desktop\PO 059420.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1648
                                                                                      Entropy (8bit):5.18220300174711
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB15Utn:cbhC7ZlNQF/rydbz9I3YODOLNdq3f5S
                                                                                      MD5:E1874C0A9C2B1DDAB8202382FC80BCF5
                                                                                      SHA1:33D83EB67CFBD22D86041D6C9518FCEDBB11B47E
                                                                                      SHA-256:0E8924A5E0A52533F1154C4B62EF6AAC85DCDF02AE905DDB99A3AE4B5FB1CAF3
                                                                                      SHA-512:5C0A229DDDB86190A226189BB0398159BD561ACAD32143077D91328B1BF5D40CCC205313A5A7790BA330E8E088C28954E55A5B2263C371E016F6FF497B01390F
                                                                                      Malicious:true
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                                                                      Process:C:\Users\user\Desktop\PO 059420.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):540160
                                                                                      Entropy (8bit):7.814158275127434
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:wucnf2iNF7xankO5z2Z3hTH5IPudSGATPjeDc4pDp4ClYdRU:wRf1f79Oh2Z35H2GdMPjucopjn
                                                                                      MD5:139DEB18239C1DB30775B256717B91A6
                                                                                      SHA1:3539A4B24D8F5B601D99A2239F5F18E17CD5FB04
                                                                                      SHA-256:5F2A513BB02D1432E658AC0D65327D0ED56F6A4F1E014DE8E4FF50FCF738CA93
                                                                                      SHA-512:7E27E7D7EA24795EC51C2EEA762F4DCB4DBAD04ACE4965B78B16609152E3C346FFA4D6B231A9DED9F4DD2ECA7493E54B5D1CAB82E0A6A4C56A3A07B44F64BBF7
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: PO 07397693 AUGUST.xls, Detection: malicious, Browse
                                                                                      • Filename: PO 07397693.xls, Detection: malicious, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V:c.............................=... ...@....@.. ....................................@..................................=..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......<..............@..B.................=......H............`..............@...........................................z.(......}.....(....o....}....*..0...........{............3.....(.....*..................0...........{......,....f.........}......}......}.......s....o....}.......}....8......{....o....}......{....}......}.............}.....{........Y}.....{....-...+H.{........{....X.{....X .;.|.{....Xa}......}.....{....o....:q....(....+..(........}.........(......*................n..}.....{....,..{....o....*..{....*.s..
                                                                                      Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:modified
                                                                                      Size (bytes):8156
                                                                                      Entropy (8bit):3.16808430889348
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:cEj+AbCEH+AbuEAc+AbhGEA+AbNEe+Ab/Ee+AbPE6w9+Ab1wTEE+Ab5Elh+AbCr:cY+38+DJc+iGr+MZ+65+6tg+ECf+YI+z
                                                                                      MD5:233C244CA1ADF553703A5ABEDF7780DF
                                                                                      SHA1:54D61862A33B795713F2AA043FCDE6BCC006FA06
                                                                                      SHA-256:E93DC02FEBD6E494013036348219A23B429068228119EACAD830B6DD7438CE07
                                                                                      SHA-512:958F06BDC4B46950BFAAC2E94F5FDFBD2FAA354D3195D9C5B5D6DBA8428F9163F95C7B69BB00BFBBAC7DE997234EB169D5F0E8A66BB4A5A37EF7B8F184F0186F
                                                                                      Malicious:false
Preview:
--------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
 Start Time: Thu Jun 27 2019 01:29:49

MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
ERROR: MpWDEnable(TRUE) failed (800704EC)
MpCmdRun: End Time: Thu Jun 27 2019 01:29:49
--------------------------------------------------------------------------------
                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.814158275127434
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:PO 059420.exe
                                                                                      File size:540160
                                                                                      MD5:139deb18239c1db30775b256717b91a6
                                                                                      SHA1:3539a4b24d8f5b601d99a2239f5f18e17cd5fb04
                                                                                      SHA256:5f2a513bb02d1432e658ac0d65327d0ed56f6a4f1e014de8e4ff50fcf738ca93
                                                                                      SHA512:7e27e7d7ea24795ec51c2eea762f4dcb4dbad04ace4965b78b16609152e3c346ffa4d6b231a9ded9f4dd2eca7493e54b5d1cab82e0a6a4c56a3a07b44f64bbf7
                                                                                      SSDEEP:12288:wucnf2iNF7xankO5z2Z3hTH5IPudSGATPjeDc4pDp4ClYdRU:wRf1f79Oh2Z35H2GdMPjucopjn
                                                                                      TLSH:E9B4E0FC532C7FBBD27E10B91416D04802FD851A2260F685BCF6A5D7A1C3BD54B329AA
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V:c.............................=... ...@....@.. ....................................@................................
                                                                                      Icon Hash:4099d9c2ce989902
                                                                                      Entrypoint:0x483de2
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x633A56C8 [Mon Oct 3 03:28:08 2022 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x83d88 | 0x57 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x84000 | 0x1ae0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x2000 | 0x81de8 | 0x81e00 | False | 0.8779456659047161 | data | 7.8243407891344505 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x84000 | 0x1ae0 | 0x1c00 | False | 0.8017578125 | data | 7.233952869050084 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x86000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country |
| RT_ICON | 0x84130 | 0x1354 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | |
| RT_GROUP_ICON | 0x85484 | 0x14 | data | | |
| RT_VERSION | 0x85498 | 0x360 | data | | |
| RT_MANIFEST | 0x857f8 | 0x2e8 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (741), with no line terminators | | |

| DLL | Import |
| mscoree.dll | _CorExeMain |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
| 10/03/22-16:17:34.145888 | TCP | 2837546 | ETPRO TROJAN Netwire RAT Check-in | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Oct 3, 2022 16:17:30.652000904 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:17:33.779834986 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:17:33.965631008 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |
| Oct 3, 2022 16:17:33.965816975 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:17:33.966686010 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:17:34.145888090 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |
| Oct 3, 2022 16:17:34.152542114 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:17:34.387824059 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |
| Oct 3, 2022 16:18:32.637304068 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |
| Oct 3, 2022 16:18:32.640719891 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:18:33.113528967 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |
| Oct 3, 2022 16:18:33.113604069 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:18:33.144264936 CEST | 49705 | 3384 | 192.168.2.5 | 37.0.14.206 |
| Oct 3, 2022 16:18:33.375653028 CEST | 3384 | 49705 | 37.0.14.206 | 192.168.2.5 |

                                                                                      Target ID:0
                                                                                      Start time:16:17:03
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Users\user\Desktop\PO 059420.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\PO 059420.exe
                                                                                      Imagebase:0xaf0000
                                                                                      File size:540160 bytes
                                                                                      MD5 hash:139DEB18239C1DB30775B256717B91A6
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 00000000.00000002.324385254.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 00000000.00000002.328094627.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      Target ID:1
                                                                                      Start time:16:17:13
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmpFCF6.tmp
                                                                                      Imagebase:0x340000
                                                                                      File size:185856 bytes
                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Target ID:2
                                                                                      Start time:16:17:13
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7fcd70000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Target ID:3
                                                                                      Start time:16:17:14
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Users\user\Desktop\PO 059420.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:{path}
                                                                                      Imagebase:0xa30000
                                                                                      File size:540160 bytes
                                                                                      MD5 hash:139DEB18239C1DB30775B256717B91A6
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 00000003.00000002.323599749.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: netwire, Description: detect netwire in memory, Source: 00000003.00000002.323643134.0000000000423000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 00000003.00000000.319873179.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      Target ID:4
                                                                                      Start time:16:17:15
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Users\user\AppData\Roaming\Install\Host.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Install\Host.exe"
                                                                                      Imagebase:0x190000
                                                                                      File size:540160 bytes
                                                                                      MD5 hash:139DEB18239C1DB30775B256717B91A6
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 00000004.00000002.355950894.0000000002511000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 38%, ReversingLabs
                                                                                      Reputation:low

                                                                                      Target ID:6
                                                                                      Start time:16:17:28
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pgzBzcEDZDX" /XML "C:\Users\user\AppData\Local\Temp\tmp46B4.tmp
                                                                                      Imagebase:0x340000
                                                                                      File size:185856 bytes
                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Target ID:7
                                                                                      Start time:16:17:29
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7fcd70000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Target ID:8
                                                                                      Start time:16:17:29
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Users\user\AppData\Roaming\Install\Host.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:{path}
                                                                                      Imagebase:0x830000
                                                                                      File size:540160 bytes
                                                                                      MD5 hash:139DEB18239C1DB30775B256717B91A6
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: netwire, Description: detect netwire in memory, Source: 00000008.00000002.564992152.0000000000423000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:low

                                                                                      Target ID:13
                                                                                      Start time:16:17:59
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                      Imagebase:0x7ff7482b0000
                                                                                      File size:455656 bytes
                                                                                      MD5 hash:A267555174BFA53844371226F482B86B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language

                                                                                      Target ID:14
                                                                                      Start time:16:17:59
                                                                                      Start date:03/10/2022
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7fcd70000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language


                                                                                        Execution Graph

                                                                                        Execution Coverage:12.7%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:13.9%
                                                                                        Total number of Nodes:194
                                                                                        Total number of Limit Nodes:12
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Ro(
                                                                                        • API String ID: 0-88585292
                                                                                        • Opcode ID: 116b33494f0dd05d39109b20089222ef2c0db5e381606dac4389aed43dca2161
                                                                                        • Instruction ID: ffccb34ef63fb48058c39f7fcedc0e57aec31f645d2c1a6162812abc7e152343
                                                                                        • Opcode Fuzzy Hash: 116b33494f0dd05d39109b20089222ef2c0db5e381606dac4389aed43dca2161
                                                                                        • Instruction Fuzzy Hash: 99B17C74E1A209DFCB04CFA6D58069EFBB2FF89300F60942AD50ABB668D7349951CF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Ro(
                                                                                        • API String ID: 0-88585292
                                                                                        • Opcode ID: fb033c7000553dcbebd5dcc74122b95a491d564aea4e4effa37f0dff78f55258
                                                                                        • Instruction ID: f6700c73f3f30d6f8ff45ddba77abe7ebdacd8ff63e3d164586681df465c5789
                                                                                        • Opcode Fuzzy Hash: fb033c7000553dcbebd5dcc74122b95a491d564aea4e4effa37f0dff78f55258
                                                                                        • Instruction Fuzzy Hash: 1FB16B74E1A209DFCB08CFA6D58069EFBF2FF89310F60942AD506AB668D7349951CF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0s
                                                                                        • API String ID: 0-3810757225
                                                                                        • Opcode ID: 47ca1edaad86cb4780d13a6884b7ad61bd212f324d9744d725370f7e182495ae
                                                                                        • Instruction ID: 2a4b7b0715343a97be40d23070dedbd514945e8e110673bfe87c3c1b084329cb
                                                                                        • Opcode Fuzzy Hash: 47ca1edaad86cb4780d13a6884b7ad61bd212f324d9744d725370f7e182495ae
                                                                                        • Instruction Fuzzy Hash: 1A5186B0E06218DFCB00CFAAD6806DEFFB6EF89300F60902AE506B7645D73499558F14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0s
                                                                                        • API String ID: 0-3810757225
                                                                                        • Opcode ID: 8c5d352110c726aea05fcb79047df3fcb5f0330ae712047ef6178042cf70bf69
                                                                                        • Instruction ID: b4d68e9a1b8523427f8bdba28cb46829190428b9b482e118658bc3bd6174b200
                                                                                        • Opcode Fuzzy Hash: 8c5d352110c726aea05fcb79047df3fcb5f0330ae712047ef6178042cf70bf69
                                                                                        • Instruction Fuzzy Hash: 375188B0E06218DFCB04CFA9E6906DEFFF6EF89310F20902AE505B7655E73499568B14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 61e1b48da18cbd63d96459b3d84ff664daeafd5f3dafd9ff0e652e751841f6ea
                                                                                        • Instruction ID: 0ab40810b11ff81f209dc866e1c739608352a208b692e4f69dc75423eb280e07
                                                                                        • Opcode Fuzzy Hash: 61e1b48da18cbd63d96459b3d84ff664daeafd5f3dafd9ff0e652e751841f6ea
                                                                                        • Instruction Fuzzy Hash: 8862AEB4A0021ADFCB14CF69C884AAEBBB2FF58305F158555E905DB3A1C730ED82DB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7b5446f71b8f8abfa669773d0fd42c509c058b42136371149c76a0c2b3d19a5f
                                                                                        • Instruction ID: 29591492198aae107dca5edc83d9da389f85fd80dfe2a5285d89085319a8e424
                                                                                        • Opcode Fuzzy Hash: 7b5446f71b8f8abfa669773d0fd42c509c058b42136371149c76a0c2b3d19a5f
                                                                                        • Instruction Fuzzy Hash: 6B52A3B5B00129DFCB18DF68C484AADBBB2BF94355F158069E805DB364DB30DC82DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5ed0ef871a713141f5cffa4318997027740731890c7a6e650730970764233dd1
                                                                                        • Instruction ID: 31ab7ab7bd3ffd456c621f6c8613e967ad6a434eeae05bce51b492758a23d158
                                                                                        • Opcode Fuzzy Hash: 5ed0ef871a713141f5cffa4318997027740731890c7a6e650730970764233dd1
                                                                                        • Instruction Fuzzy Hash: 5722BEB4A002199FDB14DF64C854BAEBBF6BF88345F148169E806DB394DF349C86DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9aa70ba24ab5d2257ace34bfac2803c7d9ffbcbada6d8aa3453107d62b3ceaea
                                                                                        • Instruction ID: 91ab2f500ae2d534dee492763e69631435475de803e15dcd2a564cc245023337
                                                                                        • Opcode Fuzzy Hash: 9aa70ba24ab5d2257ace34bfac2803c7d9ffbcbada6d8aa3453107d62b3ceaea
                                                                                        • Instruction Fuzzy Hash: 1A02C234B04205CFCB24DF6CD4946AEBBA2BF85246F19846DD80ADB751EB31DC46CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a4bce8a4efdd06249bef60e62b4262407a4286d0e5b646337ef1772334ea2012
                                                                                        • Instruction ID: e04fe681e191716c39e97f1dc3ac214e3ddbda45558c09c0628bc7b5b87cdb45
                                                                                        • Opcode Fuzzy Hash: a4bce8a4efdd06249bef60e62b4262407a4286d0e5b646337ef1772334ea2012
                                                                                        • Instruction Fuzzy Hash: 2CD1C1B5B042288FCF18DF74C85466E7BB6BF98315F058429E846DB395CF34E8869B81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 482aebefc7fd376cacf6619089ecc52e4f7d6f0796ff34f9017a5fa5be46528c
                                                                                        • Instruction ID: 3bd5bffadf8bc8453f588f7ae3e66af40e1c590ff7020638ab4616b5b028b2ab
                                                                                        • Opcode Fuzzy Hash: 482aebefc7fd376cacf6619089ecc52e4f7d6f0796ff34f9017a5fa5be46528c
                                                                                        • Instruction Fuzzy Hash: A5F15EB0A50225DFCB14CF69D484AAEBBF2BF59312F2480A5E805DB361DB30DC92DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 170cb5590e541d20152b170874900b0b58a4cfe5ecfabd7e7cee22f4fda0ca6e
                                                                                        • Instruction ID: 88518b327354f31f92cb0b96f21bd26933c08a389295daa1c036d01d48af4959
                                                                                        • Opcode Fuzzy Hash: 170cb5590e541d20152b170874900b0b58a4cfe5ecfabd7e7cee22f4fda0ca6e
                                                                                        • Instruction Fuzzy Hash: 1EB102B4E05219CBCB14CFA9C5419DEFBF2BF88301F64C56AD809AB358D7349942CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0133B490
                                                                                        • GetCurrentThread.KERNEL32 ref: 0133B4CD
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0133B50A
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0133B563
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0133B490
                                                                                        • GetCurrentThread.KERNEL32 ref: 0133B4CD
                                                                                        • GetCurrentProcess.KERNEL32 ref: 0133B50A
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0133B563
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: Current$ProcessThread
                                                                                        • String ID:
                                                                                        • API String ID: 2063062207-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0133938E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        [Control-flow graph figure (legend: Executed / Not Executed). Nodes span e0f1b7d to e0f1d9c; the block at e0f1c51-e0f1cee contains the CreateProcessW call.]
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0E0F1CDB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f1b88-e0f1c13, API call CreateProcessW
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0E0F1CDB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block 133f94c-133f9be, API call CreateWindowExW
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0133FA6A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block 133f958-133f9be, API call CreateWindowExW
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0133FA6A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f2128-e0f2181, API call WriteProcessMemory
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0E0F21BD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f2130-e0f2181, API call WriteProcessMemory
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0E0F21BD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block 133ba58-133baf4, API call DuplicateHandle
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133BAE7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block 133ba60-133baf4, API call DuplicateHandle
                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133BAE7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f1fb1-e0f2044, API call ReadProcessMemory
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0E0F2037
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f1ef0-e0f1f44, API call SetThreadContext
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 0E0F1F6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f1fb8-e0f2044, API call ReadProcessMemory
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0E0F2037
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph (image not preserved): first block e0f1ef8-e0f1f44, API call SetThreadContext
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 0E0F1F6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 085DC043
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01339409,00000800,00000000,00000000), ref: 0133961A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01339409,00000800,00000000,00000000), ref: 0133961A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0E0F20F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0E0F20F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0133FBFD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1378638983-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0133938E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule
                                                                                        • String ID:
                                                                                        • API String ID: 4139908857-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0133FBFD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.323200496.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1330000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1378638983-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0E0F2D05
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0E0F2D05
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342477012.000000000E0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E0F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e0f0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: U
                                                                                        • API String ID: 0-3372436214
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 02a016d08396b1466680dd078d57e1f9e9ffbaaf1d3a1758ad46f45332b36be7
                                                                                        • Instruction ID: 6d31d75efe212451e42298827f2d3caf5186803be69eb6107b6cafd0e8cf3278
                                                                                        • Opcode Fuzzy Hash: 02a016d08396b1466680dd078d57e1f9e9ffbaaf1d3a1758ad46f45332b36be7
                                                                                        • Instruction Fuzzy Hash: AA228071A0061ADFCF15DF64C4446DDB7B1FF95304F2086AAE849AB250EB70EA86CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: db1934391e2ed2a9c1eb758ce9046097289ed5d91e52264757a0325f35baeb20
                                                                                        • Instruction ID: 164a80267c618e560236510a2a05860e50681785019bf69e3a4af5b88bb4cb48
                                                                                        • Opcode Fuzzy Hash: db1934391e2ed2a9c1eb758ce9046097289ed5d91e52264757a0325f35baeb20
                                                                                        • Instruction Fuzzy Hash: DD125AB0B00219DFCB14CF68D584A9EBBF1AF58315F148599E849DB7A1DB30EC86DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7db310626997e5af6b22909ee3445c97ccb3ccbd07958835d6f16550aa28805e
                                                                                        • Instruction ID: 7eca3d0d0e062a7890269c6cb47f1abe60b269930e81481f1295f31ff65340ec
                                                                                        • Opcode Fuzzy Hash: 7db310626997e5af6b22909ee3445c97ccb3ccbd07958835d6f16550aa28805e
                                                                                        • Instruction Fuzzy Hash: 83E108B07001699FDB15AF74C454BBE7BA6EB99346F148429E80ACB380CF34DC86D7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a8752e589207e69fbf261c53135eda7e3db03e8e9bf12d8aa1e62a2f1ed4b66f
                                                                                        • Instruction ID: 8cbc14365be192409d5c78abb6b737917f8f6d8a26212147142a1d5967eaccef
                                                                                        • Opcode Fuzzy Hash: a8752e589207e69fbf261c53135eda7e3db03e8e9bf12d8aa1e62a2f1ed4b66f
                                                                                        • Instruction Fuzzy Hash: BBF12FB5E00125CFCB04DF68C9889ADBBF6BF98311B1A8159E515EB361DB34EC82DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d8a027529d89521b479156e8a5dc6f7ed40cab720653675d6ff101acfb5a9695
                                                                                        • Instruction ID: 7927515a07a58f9a21712c57e01b34df9df5d8dba118a88566392c6bc9c751cc
                                                                                        • Opcode Fuzzy Hash: d8a027529d89521b479156e8a5dc6f7ed40cab720653675d6ff101acfb5a9695
                                                                                        • Instruction Fuzzy Hash: 71C17EB0A40219DFCB14CF69D984A9EBBF2BF58315F148199E815EB761E730EC82DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 40013bb4d20528aa53c54307d03b73f521bd0b68c6b60e9485796090abde4ae8
                                                                                        • Instruction ID: 14c008f3db1a22c411a2b67925cf6b464208b38e0e5370f6da557cc9778b499f
                                                                                        • Opcode Fuzzy Hash: 40013bb4d20528aa53c54307d03b73f521bd0b68c6b60e9485796090abde4ae8
                                                                                        • Instruction Fuzzy Hash: DD81F6B0B002299FCB14DB69C894BEEBBF6FB98215F148029D415DB741CB349C82DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d98442d5b40d7b52c5b13a4d7fec1d0c45d7f257f5bb68e191751f66498b88e7
                                                                                        • Instruction ID: b1a2c968cbde1591dd956f1d26bfaf0698a061654c4675859f8823d6ec3fb15d
                                                                                        • Opcode Fuzzy Hash: d98442d5b40d7b52c5b13a4d7fec1d0c45d7f257f5bb68e191751f66498b88e7
                                                                                        • Instruction Fuzzy Hash: C28116F4B00165CFCB04CFE9C484AAAB7B6FF99256B158165D40ADB361D730DC82CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7d6aa7dc323fbde8204ba1d849346ae2c781cb38588612c711498df97cafca6a
                                                                                        • Instruction ID: 0a1dd38993660755d4acf39c0c1a05d622db852faf4a1f9a7238f04b4d30573e
                                                                                        • Opcode Fuzzy Hash: 7d6aa7dc323fbde8204ba1d849346ae2c781cb38588612c711498df97cafca6a
                                                                                        • Instruction Fuzzy Hash: AA91E375D01229CFCF24DFA5C884BEEBBB2BF59304F1480A9D409AB261DB719A85CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a81f4a7edce1e3c0c1b7852fe56a1b3dd1217623a3d934957ead6b2a42dbd722
                                                                                        • Instruction ID: 7489cc412f025c4d161bb6c0e481972ba3205990324bf12e07d6bbeb9f564ca3
                                                                                        • Opcode Fuzzy Hash: a81f4a7edce1e3c0c1b7852fe56a1b3dd1217623a3d934957ead6b2a42dbd722
                                                                                        • Instruction Fuzzy Hash: 30712CB0714256CFCB14DF68C488A6E7BF5EF59206F1504A9E805CB761EB70EC82DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d6df82f2b8a3d9a2360533562e841e8fccac38f926bd7fa53dd9990818d7aafb
                                                                                        • Instruction ID: 91a92c6da0f08c41341252288b59c1e9dfa71eca93f3dde437a8c5838f1aa861
                                                                                        • Opcode Fuzzy Hash: d6df82f2b8a3d9a2360533562e841e8fccac38f926bd7fa53dd9990818d7aafb
                                                                                        • Instruction Fuzzy Hash: 2A6107B1A1062ADFDF14CFA9E8899EEBBF5FF48300F118069E845E7254D73098A5CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a9a1be9430f8963f6d19d91e03857b2f5d16f25d7111aa4be3a179f83a541b0c
                                                                                        • Instruction ID: 43a5a19b4c31ffd473aa9f62966cf182ff40ed46237e62f9ecf5cf83da665483
                                                                                        • Opcode Fuzzy Hash: a9a1be9430f8963f6d19d91e03857b2f5d16f25d7111aa4be3a179f83a541b0c
                                                                                        • Instruction Fuzzy Hash: A75168B5E042589FDB04DFA9D8906DEBFB2EF89304F14806AD845EB391EB345845CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2ca6b35051d532fde0e88780f862cf04e38be113596aaf345ed4f75a9a17afe3
                                                                                        • Instruction ID: c14911a2eac91fa0d40fab8dad08494876dc7d9b79e7d4aa745a270943184307
                                                                                        • Opcode Fuzzy Hash: 2ca6b35051d532fde0e88780f862cf04e38be113596aaf345ed4f75a9a17afe3
                                                                                        • Instruction Fuzzy Hash: 4351C371B002168FCB14DF78D9445BEBBF6EFC5215714852AE469CB391EF309C468B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 380e3399bb3c2166512b4619fdde5b5ac52eaff791c218883b1919287e470682
                                                                                        • Instruction ID: 932b88a96eaf88406f98367793f57e58e0ffce2e6a1c57f82d6b6e531bd9d113
                                                                                        • Opcode Fuzzy Hash: 380e3399bb3c2166512b4619fdde5b5ac52eaff791c218883b1919287e470682
                                                                                        • Instruction Fuzzy Hash: 294123B57042149FCB089F74D8546AEBBF6AF89241F144469E90ADB781CF34EC46CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6080a9c477e82dbbceb3b42153a3db517f715b48adafe1041482f141c4c6d4eb
                                                                                        • Instruction ID: 07c30e4ec7a7734a6d61571f893dd42de679a10f545799c35626cc3399897338
                                                                                        • Opcode Fuzzy Hash: 6080a9c477e82dbbceb3b42153a3db517f715b48adafe1041482f141c4c6d4eb
                                                                                        • Instruction Fuzzy Hash: 3941F3B1A00259DFCF01CFA6C844A9DBFB2BF59315F008156EA11DB391D730E896DB64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e1d9ca2b1337bd2b002241e661e51d9e58f483d16792460f42cf508f5a02dcbe
                                                                                        • Instruction ID: 65668e05c9c9d8cc238cfb4f8f3708957cca9a799246a52dde9563b9d34cb6b7
                                                                                        • Opcode Fuzzy Hash: e1d9ca2b1337bd2b002241e661e51d9e58f483d16792460f42cf508f5a02dcbe
                                                                                        • Instruction Fuzzy Hash: 41416AB070012A9FCF04DF64D854AEEBBB6AF94255F148429F8029B394DB34DC96DBD0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d429ee864cd3b19de4bc5dcf70f2289554b593cdd9dc527ccb3d7d85999a5ceb
                                                                                        • Instruction ID: 111b5c4d3a41550838a32dcfc5533c9595c0faa22bba1691b65fb52cd0fa13d0
                                                                                        • Opcode Fuzzy Hash: d429ee864cd3b19de4bc5dcf70f2289554b593cdd9dc527ccb3d7d85999a5ceb
                                                                                        • Instruction Fuzzy Hash: A84167B8E1525D9FCB08CFA6D9845DEBBB2EF89201F1084AAD511E7250DB345A46CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        • Instruction Fuzzy Hash: 5E21AE71B105198FC700DF6DC858A6AB7FAEF99601B2541AAE505CB330EF70DC81CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 756d7073feb010750ad8cd91317121c3ee682dd7727f8030cfad89ff1febc6e5
                                                                                        • Instruction ID: 3f1a8790cbc780dcf0ca736cc50f5622dd5072361d229c14349430582bc76c82
                                                                                        • Opcode Fuzzy Hash: 756d7073feb010750ad8cd91317121c3ee682dd7727f8030cfad89ff1febc6e5
                                                                                        • Instruction Fuzzy Hash: 27213175E0020A8FCF04EF69C8948EEF7B5FF883007108669D905E7345EB30A945CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8c8b8e4422035f1e4a283c8fa53982519e610bf693a5f05eeb27aebc1df7f91
                                                                                        • Instruction ID: 36656b59df87d4a3c445e54b1a02aaef63fa03b3d5858b8e356fef8db5d4ad6c
                                                                                        • Opcode Fuzzy Hash: e8c8b8e4422035f1e4a283c8fa53982519e610bf693a5f05eeb27aebc1df7f91
                                                                                        • Instruction Fuzzy Hash: 4D218BB4A00229DFDB18DFA0D954BAEBBB1BF45315F104029E401F7394CB75A986DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 61a0b14d6d17685b5ef625f37206e471bd9cadca9a9e7c576517420d6fc22a7e
                                                                                        • Instruction ID: 5968db7de6637719befc29ddc81445c0e5d66507de36637efb131f5d3037cd4d
                                                                                        • Opcode Fuzzy Hash: 61a0b14d6d17685b5ef625f37206e471bd9cadca9a9e7c576517420d6fc22a7e
                                                                                        • Instruction Fuzzy Hash: 30212FB5B002098FCF44EF69C8949EEB7B9FF88300750466DE906E7355EB30A945CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a6888b010c5c985610a3ef971863a2a6ad1769e552debe01fcb89742b3535b1f
                                                                                        • Instruction ID: d2d05f6eb6278c178d6c94c61d3a906b46107f2ae29b7c936633ddb602428506
                                                                                        • Opcode Fuzzy Hash: a6888b010c5c985610a3ef971863a2a6ad1769e552debe01fcb89742b3535b1f
                                                                                        • Instruction Fuzzy Hash: AA31E2B4D01228DBDB20CF99C988BDEBFF5AB09314F148029E404BB350D7B5588ACF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 76c41244399416692fb80a457a7c0b8c510bb337cac566c3b5336a79aa0c5375
                                                                                        • Instruction ID: 0fe2be3c7d05c0224098db8d59b79925666dad2cea6c1f5a0b9d8eb0ddc19bd3
                                                                                        • Opcode Fuzzy Hash: 76c41244399416692fb80a457a7c0b8c510bb337cac566c3b5336a79aa0c5375
                                                                                        • Instruction Fuzzy Hash: 8B31C2B4D01229DBDB10CF99D9857DEBFB5AF08324F14812AD404BB254D774588ACF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ce29482afe1e8ac41dc71a02b894895ba1cd2a04af1d978f6395a4d5f670c381
                                                                                        • Instruction ID: b09dace0cdfadf271405313a3c2e2413bb0e6e94fb55d4ac0f001d7af47c45d8
                                                                                        • Opcode Fuzzy Hash: ce29482afe1e8ac41dc71a02b894895ba1cd2a04af1d978f6395a4d5f670c381
                                                                                        • Instruction Fuzzy Hash: E1217CB0E012599FDB08CFA1E550AEEBFB6AF49205F188019E441F7250DB30A982EF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c179a5ee009f9e4bfeae5e0574dfd8d37b35a071892e2f24e32bb83b7b0bf0b1
                                                                                        • Instruction ID: 54ccb1997f2ae869b7eae917800f77f9f22fd318f04eab80ee24002fb08125aa
                                                                                        • Opcode Fuzzy Hash: c179a5ee009f9e4bfeae5e0574dfd8d37b35a071892e2f24e32bb83b7b0bf0b1
                                                                                        • Instruction Fuzzy Hash: 381199B9710262AFC7099F29E494B6EB792FF856127194079E80ADF350CF34DC038BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 858fea7f938ba7f4638fa97c3eab58675e4fe896651217a270d856799a376261
                                                                                        • Instruction ID: 75ea81118186caf05602f220659beefc7515a2931e822036f4ba4eafc1c6b2e8
                                                                                        • Opcode Fuzzy Hash: 858fea7f938ba7f4638fa97c3eab58675e4fe896651217a270d856799a376261
                                                                                        • Instruction Fuzzy Hash: 921127B2A007264F8B15DF799C444BFBBB7EFC4260714852AE869D7240DF308D069B52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c73f435adba506fe1f4b102791b906559df4bb1c30836c9a70698a65a9961b8
                                                                                        • Instruction ID: 55f6e867a3088a382495ce913592e7dc7490dc4bf47a7917f2904a1f8a76d959
                                                                                        • Opcode Fuzzy Hash: 5c73f435adba506fe1f4b102791b906559df4bb1c30836c9a70698a65a9961b8
                                                                                        • Instruction Fuzzy Hash: 3F2137B4E16209DFDB44CFA9C5455AEBFB2EF89201F20C4AAD905E3314E6309A41DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 72977f60d7bfa65155fb316f783bc5b35683671c8115ec559cac13c8ca4f47e3
                                                                                        • Instruction ID: 572e78a8bad67fbebbc2635e8cf842287559732c004dcfbc4483f21d064fb6f6
                                                                                        • Opcode Fuzzy Hash: 72977f60d7bfa65155fb316f783bc5b35683671c8115ec559cac13c8ca4f47e3
                                                                                        • Instruction Fuzzy Hash: CC1159B6A10205AFCB148F64D989ADDBBB6BF8C311F108529E916E7290DB31AD11CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d224bdd17251b247a11ec85f75024d24d70b6f658b486763428230cde2bbfccc
                                                                                        • Instruction ID: a0c38bc0dc2968c927e3d603d00b6cff63392d72e7351467a2ed5ff740bb3a4b
                                                                                        • Opcode Fuzzy Hash: d224bdd17251b247a11ec85f75024d24d70b6f658b486763428230cde2bbfccc
                                                                                        • Instruction Fuzzy Hash: AD211571A00219EFCF04DFA8D944ADDBFB2EF88311F104469E902B7260DB31AD95DBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5441aad30d0a591ab0a03d4024007801a1bb75a46149e402532f8d4a44c6b9c1
                                                                                        • Instruction ID: d8b83548115df8d64832d885f420cc4152019616dbdb973787ef37f0b76b96ed
                                                                                        • Opcode Fuzzy Hash: 5441aad30d0a591ab0a03d4024007801a1bb75a46149e402532f8d4a44c6b9c1
                                                                                        • Instruction Fuzzy Hash: 692106B4E11219DFDB44DFA9C5455AEBFF2FB88201F60C4AAD909E3314EB309A41DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4728dafdff54d10fbe71257b258d9504cf22b52c1da243a001a3c5bb27982dbc
                                                                                        • Instruction ID: 320adfceec540350213cd091a47d4131554537e4b5e93fa746b48bf964e4c482
                                                                                        • Opcode Fuzzy Hash: 4728dafdff54d10fbe71257b258d9504cf22b52c1da243a001a3c5bb27982dbc
                                                                                        • Instruction Fuzzy Hash: 09115175B102298B8B58EFB898116EEB7F2AFD4355B104039C904EB240EF35DD52CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 81132b42694a58703f5f51e065d690a1f54b1a9d9911b7998c7d94cb0ef9ddab
                                                                                        • Instruction ID: 1318a24d67b09a79c8c50f0363ca6fb378e26821c1398a290de11a7a22eb9dcd
                                                                                        • Opcode Fuzzy Hash: 81132b42694a58703f5f51e065d690a1f54b1a9d9911b7998c7d94cb0ef9ddab
                                                                                        • Instruction Fuzzy Hash: 8C01D375A00218DBCF04CFD9D9548DEBBB5FF88310F00812AE955E7214DB35A91ADBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c776301f6dbaf37c1e35004e76f2a31a718e81d088ab5cd8231d4640f9094727
                                                                                        • Instruction ID: 23681ed3246242f102f663ebdf4b804622e637711e89fcf0ef5dadb9378730ef
                                                                                        • Opcode Fuzzy Hash: c776301f6dbaf37c1e35004e76f2a31a718e81d088ab5cd8231d4640f9094727
                                                                                        • Instruction Fuzzy Hash: E2F062B13086254B87155E2F9444A2BBBDEBFD8A563150079FA05CB361DE30DC42C790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 530a0484737b53ba3cf8b11eefb0abf3e4810240c52b564199bcae3580651610
                                                                                        • Instruction ID: 5f10869d6c6dcc63c5ae00746010a6e94fb1fcfa68d073870b2e7f4d35250553
                                                                                        • Opcode Fuzzy Hash: 530a0484737b53ba3cf8b11eefb0abf3e4810240c52b564199bcae3580651610
                                                                                        • Instruction Fuzzy Hash: 11F044753100218FD708AB2DDC48E6973EAEFC9525B2581BAE509CB364CE61EC069BA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d900785ebaf3bcbced76d59e075481d0f1d8b0e9882bc73a1c2b799eadfad4c3
                                                                                        • Instruction ID: 311cbc93d3a56abf990aa5078efd0f480c5495a9ed2abfa51655aecc679a470e
                                                                                        • Opcode Fuzzy Hash: d900785ebaf3bcbced76d59e075481d0f1d8b0e9882bc73a1c2b799eadfad4c3
                                                                                        • Instruction Fuzzy Hash: 8FF027327046241BC75A977C54615AF37A3AFE921C314887ED08ACB741DF39CD078B95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 36a04947c446ad4079e7eaa45abf8cd838bf064c126aa7ed0833bc97de0eb65d
                                                                                        • Instruction ID: 5aae3b27abbc01c7aa9eee8e98af8711aa6abcf5186902bd2f01f318300117f9
                                                                                        • Opcode Fuzzy Hash: 36a04947c446ad4079e7eaa45abf8cd838bf064c126aa7ed0833bc97de0eb65d
                                                                                        • Instruction Fuzzy Hash: 6FF0BEB6B042619FD3148B69E8809ABBBE9EF89234715857BE008CB361DB304C00C7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 556825ee5e50bde1fe23c60e69c4dba1353d659da44ef06e79e86444a259b505
                                                                                        • Instruction ID: 03e34781a70d054ee0afb80a19c9ff6a7fa5c20e82b2ea12b4cb63f69fccdaf9
                                                                                        • Opcode Fuzzy Hash: 556825ee5e50bde1fe23c60e69c4dba1353d659da44ef06e79e86444a259b505
                                                                                        • Instruction Fuzzy Hash: A901E5F1801229DEDB10CF65C4843AABFB1EF48325F108229E424EA2A0E7744A85DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a8ff35a63c78b2096e34471751ef9b17b9e118b503ae1e381a7a51f615a3fc55
                                                                                        • Instruction ID: d233929ed94385195a3d0ddba9919b58bacf645edf8511a05228f8b910e61b58
                                                                                        • Opcode Fuzzy Hash: a8ff35a63c78b2096e34471751ef9b17b9e118b503ae1e381a7a51f615a3fc55
                                                                                        • Instruction Fuzzy Hash: 1E01ECF0801229DFDB14CF55C4443AE7FF5EF45361F108225E424EA290E7744A85DB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 41ec5372738ab10ee7a8eaea3a9cab650d81b682148710649ab3a7f9d646a40f
                                                                                        • Instruction ID: 92be4f431d581053e2e3ab69c5f3581f3f1eb9647f80b83d727e228ce1c91173
                                                                                        • Opcode Fuzzy Hash: 41ec5372738ab10ee7a8eaea3a9cab650d81b682148710649ab3a7f9d646a40f
                                                                                        • Instruction Fuzzy Hash: C8F09676E001188FC740EF98D8047D9B3F4FB48311F24852AD918D3340EB34A95A8B50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 09fc39b1e9732aef89b9ab05b03180dd9a9b76aec1b3efb31584e486532be631
                                                                                        • Instruction ID: b4c3d47d104720c577ad5fb804feee086a0377da99bcd84d2a30435486db20ee
                                                                                        • Opcode Fuzzy Hash: 09fc39b1e9732aef89b9ab05b03180dd9a9b76aec1b3efb31584e486532be631
                                                                                        • Instruction Fuzzy Hash: 0EE039727041246F5314DA6AD884CABBBEEEBCD664351813AF50CCB310DA319C0086A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 914ff758831b7a6b13fa0b745c5b508f5173817126ddf09201462f7251e582b2
                                                                                        • Instruction ID: 81e53152f7cb7e7dda7e6619062a526851acb246e0e3c92faa82b89f55348ac0
                                                                                        • Opcode Fuzzy Hash: 914ff758831b7a6b13fa0b745c5b508f5173817126ddf09201462f7251e582b2
                                                                                        • Instruction Fuzzy Hash: C5E022FB60030AEFCF201AA0EA8D399BFB4EB10226F004032E940C1002DBB080AFD721
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2e7ad3b246fa8eaf8f068795df2ebf39bb736e945047215682522a83ac5b473c
                                                                                        • Instruction ID: 187c02e6b308c252c70fca55aae254606f766f1e29da0185524e47d9861e81d8
                                                                                        • Opcode Fuzzy Hash: 2e7ad3b246fa8eaf8f068795df2ebf39bb736e945047215682522a83ac5b473c
                                                                                        • Instruction Fuzzy Hash: 6FE09271B00A250B9708FB6EA44046AF7DBEFD8511318C17ED50DCB628ED709C0246C8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b566977448c5bc4a3fa7883e259306942cbe0aacfa48b0166af6d12e314e5356
                                                                                        • Instruction ID: 974ceef02867c354e47087b251f374d77b3110b544461521c5dac77c99c2f00b
                                                                                        • Opcode Fuzzy Hash: b566977448c5bc4a3fa7883e259306942cbe0aacfa48b0166af6d12e314e5356
                                                                                        • Instruction Fuzzy Hash: CCF090709193998FCB12DF78D80969A7F70AF03324F1442EAD850AB2D2D7301941CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a01f70d1ea037b04363536544085fb4236daec9c4b1f0c58819b2926e83c154
                                                                                        • Instruction ID: 93e07928650ca6c059794a5426b636d4ecb49f57097ccd8787f8e45a0d9cf0d3
                                                                                        • Opcode Fuzzy Hash: 6a01f70d1ea037b04363536544085fb4236daec9c4b1f0c58819b2926e83c154
                                                                                        • Instruction Fuzzy Hash: C6E086BB6087324BC312055E78446B67F959FD5272B250367FA08C7351D6348D424260
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: addb67a01ee187c6917802ce4fd181de71596d67a41ef576911dafe58d56868f
                                                                                        • Instruction ID: d400fd54b15c201c5cda2a2eb23d6a6bdc2c6fca467b6dea00e75ebdaccbe262
                                                                                        • Opcode Fuzzy Hash: addb67a01ee187c6917802ce4fd181de71596d67a41ef576911dafe58d56868f
                                                                                        • Instruction Fuzzy Hash: 2DF0A5B4D512199FCB40EFA8E90A6AEBFB0EB04301F1085AA9815A3380EB706A51CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 24b2e7b688e07dc43b9307a0ca017b7a1291672b027bec9373f6059eab6ed7ea
                                                                                        • Instruction ID: ee5ddd68e7aaa6e68f98a9efd5e3c5332f084add4a6f8fcca037b0b13f8bc137
                                                                                        • Opcode Fuzzy Hash: 24b2e7b688e07dc43b9307a0ca017b7a1291672b027bec9373f6059eab6ed7ea
                                                                                        • Instruction Fuzzy Hash: EBF0C972C106199BCB40BFA9DC055DEBBB4FE55311B40CA26DA68B7100FB3062598BA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3b12edfbedf4cb48954f4b7f2200933d7dca75593535e0542f8cfb784d8f96b
                                                                                        • Instruction ID: 36a6831e108d0c2739f3cdb0677ee9e56d3f5f8b0c79614b26a3c2a96e412cc0
                                                                                        • Opcode Fuzzy Hash: d3b12edfbedf4cb48954f4b7f2200933d7dca75593535e0542f8cfb784d8f96b
                                                                                        • Instruction Fuzzy Hash: 5FE07D713007140FC308A93EC801663B6EBFFC4510B24C22CC889C3314EA746C034AC8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5ad8665c45cabd1f021140830998553224ce51a5d3f90e765d2b56cfde42f9b6
                                                                                        • Instruction ID: f16a8349c6b494001ba7f759cbbb80686045ed99bdeb47f7ed342dc14a96f2d6
                                                                                        • Opcode Fuzzy Hash: 5ad8665c45cabd1f021140830998553224ce51a5d3f90e765d2b56cfde42f9b6
                                                                                        • Instruction Fuzzy Hash: C5E09270E0A2489ECB15DF7CE4046EE7FB0DF46200F1041EAD808D7611C2310954CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e496d39bc84cc91cf2f17de06f052545d2f04a295cafbd43f87399939287d3a0
                                                                                        • Instruction ID: 3d473faacdd4d86b1a035a70791ab34ce1456bdf4b51fae0b7dcb34b11365eff
                                                                                        • Opcode Fuzzy Hash: e496d39bc84cc91cf2f17de06f052545d2f04a295cafbd43f87399939287d3a0
                                                                                        • Instruction Fuzzy Hash: D2E01276D002199BCB40EFA9DC44ADFB7B8FF88310F108526DA68E3240E730A655CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1cfa70472abc621e92837055ea5d44bc73553507d5e083e475766f6f8dfbea34
                                                                                        • Instruction ID: 5118125720f3f33b272d4fcb6501e66a37b9e111b66a0c3270cecd9d83dd8f28
                                                                                        • Opcode Fuzzy Hash: 1cfa70472abc621e92837055ea5d44bc73553507d5e083e475766f6f8dfbea34
                                                                                        • Instruction Fuzzy Hash: 39E0C931C106199ACB40BFA9DC044DEBBB4FE55311B00CA26D958B7100F73062588B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c61b79693c217732f2a4d83acd1c2ab33ff088d00ebdb658a7ae5c0203f5f4e1
                                                                                        • Instruction ID: 1f1c1eb5f18c74d6d7530f20674c7ac15c246f472752ea87342dda4596a749e5
                                                                                        • Opcode Fuzzy Hash: c61b79693c217732f2a4d83acd1c2ab33ff088d00ebdb658a7ae5c0203f5f4e1
                                                                                        • Instruction Fuzzy Hash: 6DE0265001A3D41EC727877CD8559663F24CF03029B0402CBE8804E5E3C6260C02C3A3
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Opcode ID: 5ffbbb023d7b11a800e097894e64433b4fe5c4d84b0aa329fea92c95a61cfa18
                                                                                        • Instruction ID: c7b45e19a234006934e6fb7834830dca0690e194ef14e60d199ed278462aed1a
                                                                                        • Opcode Fuzzy Hash: 5ffbbb023d7b11a800e097894e64433b4fe5c4d84b0aa329fea92c95a61cfa18
                                                                                        • Instruction Fuzzy Hash: 07814E74E15219CFCB24DF69D981A9EFBF2FF89201F20816AD809AB355D7309941CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9d697ad754239e2a605eca8ffe7bcbdf3c654c515e2913e50584388d232256e
                                                                                        • Instruction ID: 1a248d6036fd3d61bf38ec5ca49b348719d00c256ebebeff43242b42d49c8d79
                                                                                        • Opcode Fuzzy Hash: c9d697ad754239e2a605eca8ffe7bcbdf3c654c515e2913e50584388d232256e
                                                                                        • Instruction Fuzzy Hash: 7C711570E0520A8FCB14DFAAD5416EEFBB2FB88311F14D46AD815AB358D7349A418FA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8882bb40f485d88815552eeffc33b7139706b43bc9f49198ff95abcdc0b9b8bd
                                                                                        • Instruction ID: 525009d62efbb136209f827896cd483444536bf458421cdfad92a8647d4031bd
                                                                                        • Opcode Fuzzy Hash: 8882bb40f485d88815552eeffc33b7139706b43bc9f49198ff95abcdc0b9b8bd
                                                                                        • Instruction Fuzzy Hash: BA813DB4E151298FCB54DF69C580AADFBF2BF89205F64C1AAD408A7315D7309A42CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7ca17f03a4da86c197ee8d12f621a96c31aa9851b5112d8b0c6d6c4cfe72f720
                                                                                        • Instruction ID: f1f02f04112898ee986f488b8ad920b1bcec5c23eeabbe56debb6b1df6566ce7
                                                                                        • Opcode Fuzzy Hash: 7ca17f03a4da86c197ee8d12f621a96c31aa9851b5112d8b0c6d6c4cfe72f720
                                                                                        • Instruction Fuzzy Hash: CB813EB4E152298FCB54DF69C680AADFBF2BF89305F64C1AAD408A7315D7309942CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9b805049e33cf1b6cbc050932602db78895e10d82bb5783e733de5f5efc19016
                                                                                        • Instruction ID: fd6f62491260f8bb24fd30d66f55457eb40759bd2735ae2d1f9b5bb504e79772
                                                                                        • Opcode Fuzzy Hash: 9b805049e33cf1b6cbc050932602db78895e10d82bb5783e733de5f5efc19016
                                                                                        • Instruction Fuzzy Hash: 8E510C71E457588FDB19CF6B984829AFFF3AFC5210F18C0BAC848AB255DB3105898F11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8e2cede675462a8d3edb56b0111bb7ce32f5d661d376446b61dc9dae9deccf9e
                                                                                        • Instruction ID: a19266dd361f0809ed9069355f98c8e53409eed1b7c56a1db5896377419759c1
                                                                                        • Opcode Fuzzy Hash: 8e2cede675462a8d3edb56b0111bb7ce32f5d661d376446b61dc9dae9deccf9e
                                                                                        • Instruction Fuzzy Hash: C751E6B4E012299FCB04DFA9C584AEEFBF2BF88305F14C565D404A7355D734A982DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6e0b3742ffb4154671a9b9c28a52950d5f5a5be9590850b8de043ca41ab661ca
                                                                                        • Instruction ID: ab6aafef4a0e1fc203633075d7ed9176afc9192e1dfb8c73686e77a6e43bb86b
                                                                                        • Opcode Fuzzy Hash: 6e0b3742ffb4154671a9b9c28a52950d5f5a5be9590850b8de043ca41ab661ca
                                                                                        • Instruction Fuzzy Hash: F3510874E14229CFDB18CF6AD955B9EBBF2BF89204F1081AAD408A7364DB309A45CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.341024396.0000000007820000.00000040.00000800.00020000.00000000.sdmp, Offset: 07820000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7820000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 750a43d0746d041858981b00f9c8340a009da64ca32f9ceb2d56f7f0360e3eca
                                                                                        • Instruction ID: e60c560a02c539e5abb75eb4d0ae9d25783c2c5227506dab068d8be05c5a92f0
                                                                                        • Opcode Fuzzy Hash: 750a43d0746d041858981b00f9c8340a009da64ca32f9ceb2d56f7f0360e3eca
                                                                                        • Instruction Fuzzy Hash: 9B514A74E152298FCB18CF6AD955B9EBBF2BF89300F1480AAD408A7364DB309D45CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 514549a942acd963af50368a4d299fa3d43110a8c3d88a9bab956fbcfe9cbe8d
                                                                                        • Instruction ID: c4286b243dd9a5140395e03a34bd2fa9417a0c3108b8e883b852d2c9d36e2992
                                                                                        • Opcode Fuzzy Hash: 514549a942acd963af50368a4d299fa3d43110a8c3d88a9bab956fbcfe9cbe8d
                                                                                        • Instruction Fuzzy Hash: 12414E71E116188BEB68DF6B8D4529AFBF3BFC9301F14C1BA990CA6214EB301A558F11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0733351ec8ab0decd575ab400ef42fb2a42d70058c1dbce370987e06a0767485
                                                                                        • Instruction ID: 93cf4efc64b86324e9972b49d69f6eddae0f1d499abd4e1981a7f3a33e9a4691
                                                                                        • Opcode Fuzzy Hash: 0733351ec8ab0decd575ab400ef42fb2a42d70058c1dbce370987e06a0767485
                                                                                        • Instruction Fuzzy Hash: 1E21D8B1E016189BEB18CF6BD95069EBBF3BFC9200F14C1BAD908AB354EB3459458F51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3c92418e0bbedfa0cfc5c36dd4e8f1b4845dca2eba18799ec2abd067f298aa9e
                                                                                        • Instruction ID: 9347d2273a36eb567cfec3ef32a9f8f8d0ec887473c8d7f9737cf80687e0aea7
                                                                                        • Opcode Fuzzy Hash: 3c92418e0bbedfa0cfc5c36dd4e8f1b4845dca2eba18799ec2abd067f298aa9e
                                                                                        • Instruction Fuzzy Hash: DE11D771E116189BEB18CFABD8406DEFBF3BFCC200F04C07AC918AA224EB3015568E51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0df1f7e927101a27fa9a5c5cfc6ca810983a32d85e4fb06c5dad9edbbe762901
                                                                                        • Instruction ID: 8d89e6f1679ed1737b9e400d6f12c7b97a02ce71cdb43bad2ac603399af86b98
                                                                                        • Opcode Fuzzy Hash: 0df1f7e927101a27fa9a5c5cfc6ca810983a32d85e4fb06c5dad9edbbe762901
                                                                                        • Instruction Fuzzy Hash: 7711BA71E116189BEB18CF6BD84069EFBF3BFC9200F04C47AC808AA264EB3415568F55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.342251720.00000000085D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_85d0000_PO 059420.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 493e299d8ecbd7bf8fcbd77104b470d921d09c8ed36271fa84ecbddd616c7d75
                                                                                        • Instruction ID: 770dd498f6bc17a798db9e1ab29892e0a087cdd860b2a1d8561cb59890e81c49
                                                                                        • Opcode Fuzzy Hash: 493e299d8ecbd7bf8fcbd77104b470d921d09c8ed36271fa84ecbddd616c7d75
                                                                                        • Instruction Fuzzy Hash: 7821CE71E057158BEB18CF6BD94469EFBF3AFC8200F14C17AC918A6258EB3405558F11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:15.5%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:97
                                                                                        Total number of Limit Nodes:5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 667c5f80a82919d04eac6e779dea49b1d0b13a2f46262fc22593bf5eac657673
                                                                                        • Instruction ID: d0043681737432563ab6791a6f0d6759ae9f7634696b00bdb129360a22c3bf43
                                                                                        • Opcode Fuzzy Hash: 667c5f80a82919d04eac6e779dea49b1d0b13a2f46262fc22593bf5eac657673
                                                                                        • Instruction Fuzzy Hash: 02726F75A002199FDB14DFA4C884AAEBBF3BF88344F148469E806AB351EB34DD45CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 0 d331b7d-d331c13 2 d331c15-d331c1b 0->2 3 d331c1e-d331c25 0->3 2->3 4 d331c30-d331c46 3->4 5 d331c27-d331c2d 3->5 6 d331c51-d331cee CreateProcessW 4->6 7 d331c48-d331c4e 4->7 5->4 9 d331cf0-d331cf6 6->9 10 d331cf7-d331d6b 6->10 7->6 9->10 18 d331d7d-d331d84 10->18 19 d331d6d-d331d73 10->19 20 d331d86-d331d95 18->20 21 d331d9b 18->21 19->18 20->21 23 d331d9c 21->23 23->23
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0D331CDB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 24 d331b88-d331c13 26 d331c15-d331c1b 24->26 27 d331c1e-d331c25 24->27 26->27 28 d331c30-d331c46 27->28 29 d331c27-d331c2d 27->29 30 d331c51-d331cee CreateProcessW 28->30 31 d331c48-d331c4e 28->31 29->28 33 d331cf0-d331cf6 30->33 34 d331cf7-d331d6b 30->34 31->30 33->34 42 d331d7d-d331d84 34->42 43 d331d6d-d331d73 34->43 44 d331d86-d331d95 42->44 45 d331d9b 42->45 43->42 44->45 47 d331d9c 45->47 47->47
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0D331CDB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 48 d332ca2-d332ca4 49 d332ca6-d332d12 PostMessageW 48->49 50 d332c4d-d332c77 48->50 51 d332d14-d332d1a 49->51 52 d332d1b-d332d2f 49->52 55 d332c80-d332c94 50->55 56 d332c79-d332c7f 50->56 51->52 56->55
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0D332D05
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 58 d332128-d332181 60 d332183-d33218f 58->60 61 d332191-d3321ca WriteProcessMemory 58->61 60->61 62 d3321d3-d3321f4 61->62 63 d3321cc-d3321d2 61->63 63->62
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0D3321BD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 65 d332130-d332181 67 d332183-d33218f 65->67 68 d332191-d3321ca WriteProcessMemory 65->68 67->68 69 d3321d3-d3321f4 68->69 70 d3321cc-d3321d2 68->70 70->69
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0D3321BD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 72 d331fb1-d332044 ReadProcessMemory 74 d332046-d33204c 72->74 75 d33204d-d33206e 72->75 74->75
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0D332037
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 77 d332291-d332298 78 d332301-d332354 ResumeThread 77->78 79 d33229a-d3322b8 77->79 84 d332356-d33235c 78->84 85 d33235d-d332371 78->85 81 d3322ba 79->81 82 d3322bf-d3322d0 79->82 81->82 84->85
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 88 d331ef1-d331f44 90 d331f50-d331f7c SetThreadContext 88->90 91 d331f46-d331f4e 88->91 92 d331f85-d331fa6 90->92 93 d331f7e-d331f84 90->93 91->90 93->92
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 0D331F6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 95 d331fb8-d332044 ReadProcessMemory 97 d332046-d33204c 95->97 98 d33204d-d33206e 95->98 97->98
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0D332037
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 100 d331ef8-d331f44 102 d331f50-d331f7c SetThreadContext 100->102 103 d331f46-d331f4e 100->103 104 d331f85-d331fa6 102->104 105 d331f7e-d331f84 102->105 103->102 105->104
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 0D331F6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 107 776bfd0-776c050 VirtualProtect 109 776c052-776c058 107->109 110 776c059-776c07a 107->110 109->110
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0776C043
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359476488.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7760000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 098f111c3cc3f12a5e9a99c7dc5c3eb36f87bf6e2795bac3904b8cf206874983
                                                                                        • Instruction ID: 49bfcbe593a956660ac1d6d0aebb4a2b84291322346ad7af7582c4309c44d3b8
                                                                                        • Opcode Fuzzy Hash: 098f111c3cc3f12a5e9a99c7dc5c3eb36f87bf6e2795bac3904b8cf206874983
                                                                                        • Instruction Fuzzy Hash: 952117B59002499FCB10CF9AC884BDFFBF4FB48324F108429E958A7640D378A949CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 112 d332080-d332100 VirtualAllocEx 114 d332102-d332108 112->114 115 d332109-d33211d 112->115 114->115
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0D3320F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 07ef2f9944987d998330b4d5a976a338083433cedc32682981ca06ef842906eb
                                                                                        • Instruction ID: 5c7097386bb84d63f2f0c13a6e9ad42e7b1018fab80fc8431d61c8eff54e8c9c
                                                                                        • Opcode Fuzzy Hash: 07ef2f9944987d998330b4d5a976a338083433cedc32682981ca06ef842906eb
                                                                                        • Instruction Fuzzy Hash: 551102BA900249DFCB10CF99D985BDEBBF4FB48324F14841AE528A7610C335A958CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 117 d332088-d332100 VirtualAllocEx 119 d332102-d332108 117->119 120 d332109-d33211d 117->120 119->120
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0D3320F3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: ccae2605dc149e6321cb44a702707b2cf678ba873490b3a2f67313eb305cbd38
                                                                                        • Instruction ID: c3666f7ce2a2e44ec674367ce2e763d03a6128ca39f2c8fdd0b3d8e3d769c9e6
                                                                                        • Opcode Fuzzy Hash: ccae2605dc149e6321cb44a702707b2cf678ba873490b3a2f67313eb305cbd38
                                                                                        • Instruction Fuzzy Hash: B81110B5900288DFCB10CF9AD984BDFBBF8FB48324F108419E528A7610C375A948CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 122 d3322e0-d332354 ResumeThread 124 d332356-d33235c 122->124 125 d33235d-d332371 122->125 124->125
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: b05ee115a293d70ba65e63184acbca36de2760487d6a0016a8d4e518af099142
                                                                                        • Instruction ID: b3929c1955ea64b7ddc18a5ebdcbfc3165c342f34d206e823f5a4ceef27cea65
                                                                                        • Opcode Fuzzy Hash: b05ee115a293d70ba65e63184acbca36de2760487d6a0016a8d4e518af099142
                                                                                        • Instruction Fuzzy Hash: 5C1145B98002488FCB10CF9AD545BDEFBF4FB49328F24841AD458A7700C374A949CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 127 d332ca8-d332d12 PostMessageW 128 d332d14-d332d1a 127->128 129 d332d1b-d332d2f 127->129 128->129
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0D332D05
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        • Opcode ID: aa3bb7a63477d50d0a3419cfd43c3ef644a2db6daaf34879ee761571bb8c0369
                                                                                        • Instruction ID: d79beef91c13652534cf5a23a93458879efb24a1961b86939fd5353d5a98c060
                                                                                        • Opcode Fuzzy Hash: aa3bb7a63477d50d0a3419cfd43c3ef644a2db6daaf34879ee761571bb8c0369
                                                                                        • Instruction Fuzzy Hash: 9411D3B58013499FDB10CF99D985BDFBBF8EB48324F10841AE554A7600C374A984CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.359825073.000000000D330000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D330000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_d330000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 26a26780f9f5d5d2bf8fd5bcbc621032555e9a597d8148af2e342100511b3219
                                                                                        • Instruction ID: 16a62bf30411394d36c30dd03120584a14b8a26bb2c041c962286502a432ef8f
                                                                                        • Opcode Fuzzy Hash: 26a26780f9f5d5d2bf8fd5bcbc621032555e9a597d8148af2e342100511b3219
                                                                                        • Instruction Fuzzy Hash: D91115B58002488FCB10CF9AD545BDFFBF4EB48328F14841AD518A7700C774A948CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 041d46d770406f0d99038b31004601f4658fb8ea1164954c5d8447e8ac3be1b4
                                                                                        • Instruction ID: 5887a420d7d1421e49e6a2998982ff0f1a715140e67a77159393e21e00aa512d
                                                                                        • Opcode Fuzzy Hash: 041d46d770406f0d99038b31004601f4658fb8ea1164954c5d8447e8ac3be1b4
                                                                                        • Instruction Fuzzy Hash: 9C523D74A0410CCFEB14DBA4D950BEEBBB3FB89304F1080A9D50A6BB51DB356E899F51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e6589bcf7627139f781b3c01ec4c27fe66e3c7dd14351e37e9f9c188de22cf9
                                                                                        • Instruction ID: 0e79fb903fc297ffafb630018787874a039906522b89e3aba575726f68b3a31f
                                                                                        • Opcode Fuzzy Hash: 0e6589bcf7627139f781b3c01ec4c27fe66e3c7dd14351e37e9f9c188de22cf9
                                                                                        • Instruction Fuzzy Hash: 5181C174B04105CFEF14CF68C584AAABBB6FF88354B169169D806EB760D732EC41CB98
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1bbfb1fcf11732c91e9776482f4b2db40a50e262a0b5ae97e53fd0dd95696a63
                                                                                        • Instruction ID: 2622ffa31608dbd95b72c583aff4df3ab0a1785361ea09e52baf4696a56c364e
                                                                                        • Opcode Fuzzy Hash: 1bbfb1fcf11732c91e9776482f4b2db40a50e262a0b5ae97e53fd0dd95696a63
                                                                                        • Instruction Fuzzy Hash: 3D917B71A14249DFDF05CFA8C844AEDBFB2FF8C310F14855AE806AB291D770A955CB58
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1f3fcfa284b317fd6e246f58fcfee2ec6a1c79576ba9799fda5ca2387e67077e
                                                                                        • Instruction ID: bc116f92d9a00f48a993c57eeaa48bba39d658c009b4fbf43510c11aaae3be73
                                                                                        • Opcode Fuzzy Hash: 1f3fcfa284b317fd6e246f58fcfee2ec6a1c79576ba9799fda5ca2387e67077e
                                                                                        • Instruction Fuzzy Hash: EA911675E00229CFDF14DFA4C984BDEBBB2BF49304F1480A9D809AB261DB759A85CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ff01d734a1254065d918863f0d8aad592982f10f5e2fc662f6888e7cc20a2c0f
                                                                                        • Instruction ID: f750d7be7a2c601790c321b4f723fde1c927483b03b7d4560170e1d20ca54d10
                                                                                        • Opcode Fuzzy Hash: ff01d734a1254065d918863f0d8aad592982f10f5e2fc662f6888e7cc20a2c0f
                                                                                        • Instruction Fuzzy Hash: 317117347042058FEB15DF69C888A7E7BF6BF89304B1904A9E816CB7A1DB74EC41CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ba3f6a91b9bc48d4f95212a4f1a3935455cec82a93545f1f65f05e94204a0c30
                                                                                        • Instruction ID: 8cd34d3c2bce17e9cc60939b40c586c426f6c37b5959a4bf98d8aad0614c373c
                                                                                        • Opcode Fuzzy Hash: ba3f6a91b9bc48d4f95212a4f1a3935455cec82a93545f1f65f05e94204a0c30
                                                                                        • Instruction Fuzzy Hash: D2616B31B001149FDB14DFA8D858AADBBB2FF88750F144429ED12AB360DB75EC41CBA8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da9f73cc2cdff5e39f762e06ff84f13d41ef0b57befe5254b78de5de5d4edf0c
                                                                                        • Instruction ID: 1b933a7ff67b153e2494ad768cbc8572417222196fef4c867fda595a668b93b7
                                                                                        • Opcode Fuzzy Hash: da9f73cc2cdff5e39f762e06ff84f13d41ef0b57befe5254b78de5de5d4edf0c
                                                                                        • Instruction Fuzzy Hash: 68518B71E092488FDB05DFA9D891ADDBFB2FF89304F04806AD445EB395EB345845CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7d4605ba4a71f1f55599fc33537736e7dbebe83a8422293fd9ec66e45af753ba
                                                                                        • Instruction ID: 7f3704556046be64246e2c70f4c185cc8bf9dbe865286c622d9931f950d196d5
                                                                                        • Opcode Fuzzy Hash: 7d4605ba4a71f1f55599fc33537736e7dbebe83a8422293fd9ec66e45af753ba
                                                                                        • Instruction Fuzzy Hash: C051EF31B002058FDB11EB78D9488BEBBF7FFC5224714892AE429DB351DB309C098790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9d73356440f362c7dc88c8c6a1b7bd154d49d49876d2abec176d1446dff0181
                                                                                        • Instruction ID: 2ffe0aebcb4958aad4c334e9666d30debdc08b9aaf498aa0bb0cfe3be86c4c26
                                                                                        • Opcode Fuzzy Hash: f9d73356440f362c7dc88c8c6a1b7bd154d49d49876d2abec176d1446dff0181
                                                                                        • Instruction Fuzzy Hash: 9F611771A1462ADFDF14CFA9E8899AEBFB1FF48300F118069E845A7264D73099A4CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d0f3daf83a804b9a7b7300398218d50c0a6d62900d2e3e398210b70c08406da7
                                                                                        • Instruction ID: d8b8b122acc8fa2f7e2dd0798b3f77025e5af3cc84e62b0dac0694262580bbcc
                                                                                        • Opcode Fuzzy Hash: d0f3daf83a804b9a7b7300398218d50c0a6d62900d2e3e398210b70c08406da7
                                                                                        • Instruction Fuzzy Hash: B1510771A1062ADFDF14CFA9E8899EEBBB1FF48300F118029E845A7264D73099A4CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9bd9f07a87d9fdf819d53cb676740ffd7cecbf89a8cbd7a0aea6508477eae849
                                                                                        • Instruction ID: d41400a8ce0036e7d6f03f1d6b04c96fd18b889574df8989c61bdeaa2e7b6135
                                                                                        • Opcode Fuzzy Hash: 9bd9f07a87d9fdf819d53cb676740ffd7cecbf89a8cbd7a0aea6508477eae849
                                                                                        • Instruction Fuzzy Hash: BD417031A14249EFDF15CFA8C844AEDBFB2FF49310F008556E8159B291D771E914CBA8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a72fa84a3694a0d133fe12e45779da72156d43b342c27bde511327d83767ffc
                                                                                        • Instruction ID: 052adeca1c5a2d8623b055271f6c2e264f6d7d6d3ffb0e11f53d8f0abf20df2a
                                                                                        • Opcode Fuzzy Hash: 6a72fa84a3694a0d133fe12e45779da72156d43b342c27bde511327d83767ffc
                                                                                        • Instruction Fuzzy Hash: 024123356001199FDF05AF64E845AEE7BB7FB88354F048429E8029B294CB389D96CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7c45feda813d0b8d11e3c78c0f362ad429ed96c29f8b439b458deaeb76e41cf4
                                                                                        • Instruction ID: 9060034986be54e17f28a5c065c91325f4a04380e1fc3eea2a5d91b45c3b2ce9
                                                                                        • Opcode Fuzzy Hash: 7c45feda813d0b8d11e3c78c0f362ad429ed96c29f8b439b458deaeb76e41cf4
                                                                                        • Instruction Fuzzy Hash: 91413674E15209DFDB08CFA9E9856EEBBF2FF88300F10856AD415A7254DB345A09CF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 448157ee2b4fe442a265acfa5027844cff3f2416d530419e9627f9c27ff772f6
                                                                                        • Instruction ID: fce39a8d1738344488383cb402ee5a055fb224fd4b4b787f5e08f818f59c36c4
                                                                                        • Opcode Fuzzy Hash: 448157ee2b4fe442a265acfa5027844cff3f2416d530419e9627f9c27ff772f6
                                                                                        • Instruction Fuzzy Hash: 1E412674E05209DFDB04CFA9D9855EEBBF2FF88300F10846AD415A7254DB345A05CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d7e3932383525fbce25bf51cc684dda28f00377a628583ff391fe21786d5d74a
                                                                                        • Instruction ID: 932a7a125c3dc4475bed0899333a81e0d3825b508a4881dd5167696074ed3b70
                                                                                        • Opcode Fuzzy Hash: d7e3932383525fbce25bf51cc684dda28f00377a628583ff391fe21786d5d74a
                                                                                        • Instruction Fuzzy Hash: 8541A2B5E012489FDB48DFA9D855ADEBBF2BF88304F10802AE819B7354DB345945CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ee6fc4c35cb495b82e744c227b8e550d417f924a9dcfa70b02300339b5b9184
                                                                                        • Instruction ID: 83c5aa74a53059ef71d2e1566d1e424d42cd196542f78c2f8ca9e8d915208a4e
                                                                                        • Opcode Fuzzy Hash: 0ee6fc4c35cb495b82e744c227b8e550d417f924a9dcfa70b02300339b5b9184
                                                                                        • Instruction Fuzzy Hash: 5B413275A10609DFCB04EF98C844CDDFBB6FF89310B018699E515AB325EB70AD45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b2865f843403703cd3ffbf45fb1573cc24159d32a2899f64574e516cc27b1405
                                                                                        • Instruction ID: 83b22f2cc282692562b929783da2e21dfc50226fe9e8c1fc017c4ea5c093ddc2
                                                                                        • Opcode Fuzzy Hash: b2865f843403703cd3ffbf45fb1573cc24159d32a2899f64574e516cc27b1405
                                                                                        • Instruction Fuzzy Hash: 56414375A10609DFCB04EF98C844C9DFBB6FF89300B018699E515AB325EB70BD45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e9d445148dfd864c3c646603ba2cdfb6351f5e811d0dc06f4b8699bdbef01753
                                                                                        • Instruction ID: 714e16c1d4cca12420580caa3628e210bf723ef25019b1ad4640fef1ce8df2b0
                                                                                        • Opcode Fuzzy Hash: e9d445148dfd864c3c646603ba2cdfb6351f5e811d0dc06f4b8699bdbef01753
                                                                                        • Instruction Fuzzy Hash: B131D0357042449FDB149B64D854BEE7BB7BF89200F18406DE906EB791CF389C05CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9de55b89f40a1bffdab41ef5a6ef156520204610ae903b8812968d2c4806fb73
                                                                                        • Instruction ID: 35ace756a17d22a56d19fff8cb711c2ac1e1e252791681ac209649ae9c5d7860
                                                                                        • Opcode Fuzzy Hash: 9de55b89f40a1bffdab41ef5a6ef156520204610ae903b8812968d2c4806fb73
                                                                                        • Instruction Fuzzy Hash: FC211A36700204DFDB149E64D888BEEBBB6FF8C350F14416AE916A7750DB71AD11CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 87d9ab5518a7698969fa194e5f52e8d416327505fdad18161b0ba865d186bc8b
                                                                                        • Instruction ID: 35897f40cc0fcaeae6ca050418e759a44740c2b79927e6b2365206e57eb04d47
                                                                                        • Opcode Fuzzy Hash: 87d9ab5518a7698969fa194e5f52e8d416327505fdad18161b0ba865d186bc8b
                                                                                        • Instruction Fuzzy Hash: 0A31B1B0D412189BDB20CF99C988BDEBFF5BB08364F148459E804BB250C7B55949CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7f29866781f5de49113115926c07f5f447fb413272788ac1e20f43fe7c34ccf1
                                                                                        • Instruction ID: 96a1b47182756e8cba601fd75c572f1850c7b0a73e0cdd669c28d9063a0d3d1b
                                                                                        • Opcode Fuzzy Hash: 7f29866781f5de49113115926c07f5f447fb413272788ac1e20f43fe7c34ccf1
                                                                                        • Instruction Fuzzy Hash: B01148327042659BFB20567EA858D6ABFFEFF862947014036DD05CF221EBE8D80483B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f5f839ace94918d32525c67dcb98358da75923e0c869ee0b32337eee6b3403b0
                                                                                        • Instruction ID: 24c60257aa5b9a392883f9da3169136f6c51e69d4af2c63a263b28e626eb6be1
                                                                                        • Opcode Fuzzy Hash: f5f839ace94918d32525c67dcb98358da75923e0c869ee0b32337eee6b3403b0
                                                                                        • Instruction Fuzzy Hash: 1231D1B0D41258DFDB20CFA9C989BDEBFF1BB08324F24841AD448BB650C7795949CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 12243749f52016479932eb45dc7143ae9cb272c687547dabdb6fc395c5868dd0
                                                                                        • Instruction ID: e86d2a15d8b9fb150d9cce55dcdca11b8d2ddf02ec90aba50e6a830c7fd84f77
                                                                                        • Opcode Fuzzy Hash: 12243749f52016479932eb45dc7143ae9cb272c687547dabdb6fc395c5868dd0
                                                                                        • Instruction Fuzzy Hash: 65216D70E05148EFEB08DFA5D950AEDBFB6BF49205F148019E841B7250DB30DA45DF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d597905eeed2821915757f08d46ab887a6258b63f7ca73918361152ad4adf575
                                                                                        • Instruction ID: cae033034ef228cea77a154e01994984949e466fb2d6bb978cc51b0d064895b5
                                                                                        • Opcode Fuzzy Hash: d597905eeed2821915757f08d46ab887a6258b63f7ca73918361152ad4adf575
                                                                                        • Instruction Fuzzy Hash: C7112735705650EFDB159B29E494A3ABBA2FF85755305406AED06DB360CF34DC02C7D4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 170ad4824f95bb69b25c63ae9e8a05f39ee14ed8bad23a801342fe681b040a9a
                                                                                        • Instruction ID: f6b03dfc548ec63c0fcf4ef04d2906ac0b22a1e18759a3f8a3acfde5ec503e08
                                                                                        • Opcode Fuzzy Hash: 170ad4824f95bb69b25c63ae9e8a05f39ee14ed8bad23a801342fe681b040a9a
                                                                                        • Instruction Fuzzy Hash: A611BE383012448FD314DB29D844F96BFE6FF8A710F1980A9E0098F3B2CA35EC098791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f103410c67281b027253612f5795ee10d8a8117cb43d23482730715e22e15b7c
                                                                                        • Instruction ID: 7d867534ab450824846809d8729da6cd4515f2dca19c8a107c498e923f0141e4
                                                                                        • Opcode Fuzzy Hash: f103410c67281b027253612f5795ee10d8a8117cb43d23482730715e22e15b7c
                                                                                        • Instruction Fuzzy Hash: 8D211635A00108DFCF04DFA8D944AEDBBB2FF88310F104429E902A7250DB71AD54DBA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c30c51e12abd802dba028eb4c1852482c9f461709f54de2e4b43983769ba9a66
                                                                                        • Instruction ID: d59023acfff74a348524616998e94524a07267fe83c7b3a080c5eda85cbc7119
                                                                                        • Opcode Fuzzy Hash: c30c51e12abd802dba028eb4c1852482c9f461709f54de2e4b43983769ba9a66
                                                                                        • Instruction Fuzzy Hash: EB119176A012064F9B12EF79D8449BFBFB7FBC5260B15452AE859D7241DB308A0687A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4816515b402adefcfa38558baafb286397eb0705967bbb0eafbb9e797a665454
                                                                                        • Instruction ID: 95e1ecfed730d3e89359fd86c32444fe9d9726d6cfe601ee2fafa801f94afaad
                                                                                        • Opcode Fuzzy Hash: 4816515b402adefcfa38558baafb286397eb0705967bbb0eafbb9e797a665454
                                                                                        • Instruction Fuzzy Hash: FE114C31B112198B9B15EBB8D8116FEBAF2BFC4354B100139C905EB244EF35DD158BE9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b3beb986bb6948f7c75820c127577eb28201bdf503a38423092eb3609d46efcb
                                                                                        • Instruction ID: 4dbee58fe3c4bc42fa3f767fc1aeb154c4caa2bda987fc0e6c04275e61d9292a
                                                                                        • Opcode Fuzzy Hash: b3beb986bb6948f7c75820c127577eb28201bdf503a38423092eb3609d46efcb
                                                                                        • Instruction Fuzzy Hash: D811FE343051518FD704873DC844E797BE5BFC6524B2541EAD54ACB7B2CB20DC02C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c4865e0c58a8d46f8026713bb2efdba72c449664ae16d3629fab3e9362503240
                                                                                        • Instruction ID: 70c03955ce0666b8986c905df12da8b146642ada77f02c53e7ce2b4def4b45f6
                                                                                        • Opcode Fuzzy Hash: c4865e0c58a8d46f8026713bb2efdba72c449664ae16d3629fab3e9362503240
                                                                                        • Instruction Fuzzy Hash: F401D1363105108BDA19A7789842A9F77A7ABD5718354892ED049CB742CF3DD80787A9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7a83c30ffde33b09cddafdfcdaf80c4dbc41fd7f1e3c428cc49fcae9b1f58483
                                                                                        • Instruction ID: af5d91d9630e22e5c35ff84eae7d4b91b71c5874861d59544999afd8604eb548
                                                                                        • Opcode Fuzzy Hash: 7a83c30ffde33b09cddafdfcdaf80c4dbc41fd7f1e3c428cc49fcae9b1f58483
                                                                                        • Instruction Fuzzy Hash: 28018C74D042189FCB19CFA8E9506DDBFB0FF0A319F2082EAE81497761C7355650CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3f8c4afb30c54577a50478b18578fe3901c8098ee288650bf7a5c5f61ee7eba
                                                                                        • Instruction ID: bf9ff9d397d2cbfaa64cd68fbb382508d30e8b1a84fe20be2a2f0c50b302c01f
                                                                                        • Opcode Fuzzy Hash: e3f8c4afb30c54577a50478b18578fe3901c8098ee288650bf7a5c5f61ee7eba
                                                                                        • Instruction Fuzzy Hash: 71F012393189144BA7159A2ED444E2B7BDEFFCCA653160079FD06CB361DE60DC42C794
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 567b297f0c79187bc83eb62679fd6a62d79fc2bc2625f100f8ab45616286c6f8
                                                                                        • Instruction ID: dfe7be1683f726f98687d2b66b5df4a56192957778446ef75ebe5d395fefd147
                                                                                        • Opcode Fuzzy Hash: 567b297f0c79187bc83eb62679fd6a62d79fc2bc2625f100f8ab45616286c6f8
                                                                                        • Instruction Fuzzy Hash: B601A4343140108FE7049B2DD858E797BE6AFC9A14B2981BAE54ACB361CE21DC01C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e91513f4b4e89eab35bb641169da99551b16d987ba5d8176f2d5e7d93382d782
                                                                                        • Instruction ID: 24599019aebae0e3376f1e875edcecee84386297752e453bf2c968b22b96f8c9
                                                                                        • Opcode Fuzzy Hash: e91513f4b4e89eab35bb641169da99551b16d987ba5d8176f2d5e7d93382d782
                                                                                        • Instruction Fuzzy Hash: 090108B5900219DFEB10DF65D4443ED7BB2FF49324F14C659E825AA1A0D7B44A44CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                        • Instruction ID: 912ce749e6476e76f383a2fc25de766a2ebbc91fffbc0b03bf5232257f5efc8a
                                                                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                        • Instruction Fuzzy Hash: 7BC0123320C1282AA624904EBC80EA7AE8DE2C93B4A220137FD1C8320098829C8001F9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 390c50a46887c88390e0defebbea3c384facecfe9f91e236d21053eb4875f28d
                                                                                        • Instruction ID: 08598b08a6bed358154c73d1d392511a317924ab3a0fff6b78faf58ed7d31599
                                                                                        • Opcode Fuzzy Hash: 390c50a46887c88390e0defebbea3c384facecfe9f91e236d21053eb4875f28d
                                                                                        • Instruction Fuzzy Hash: 16D0673AB100089F8B049F98E8448DDB7B6FFD8225B448116F915A7265C731A925DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a3c62cdadc66637451b87406c293ea3229565218fb120d0e0f75a20d11df323
                                                                                        • Instruction ID: 25d9cbde2325e350394d2ae76be35d0544d490aeb8f31532dbd7c27dfa95412f
                                                                                        • Opcode Fuzzy Hash: 6a3c62cdadc66637451b87406c293ea3229565218fb120d0e0f75a20d11df323
                                                                                        • Instruction Fuzzy Hash: D8D05E342112058FC540BF60B555AE673569F8024CB448E2488090A129DA68491EA6DD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2248e6de523066d61251d6b2bc1e73ecda7e7b93d7af1541ad3fc93d78c1bf2b
                                                                                        • Instruction ID: 5eeddb30e5177018a7207f1a4abb45859407e2aa36dce1354f724f98f730e301
                                                                                        • Opcode Fuzzy Hash: 2248e6de523066d61251d6b2bc1e73ecda7e7b93d7af1541ad3fc93d78c1bf2b
                                                                                        • Instruction Fuzzy Hash: 42D0127620A1819FD7076B24D918984BF71FF9621935681D3C1449A473C621D968CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e6a635c5a199ac2efa85878ec5f6479c490aebb164c4275ab79c77ea14aad818
                                                                                        • Instruction ID: 3b42f1310d8414da4771444ee0c14f35c1edeb12a18dbe222650803de920ff3c
                                                                                        • Opcode Fuzzy Hash: e6a635c5a199ac2efa85878ec5f6479c490aebb164c4275ab79c77ea14aad818
                                                                                        • Instruction Fuzzy Hash: 3CD022AA2082808FE702EB24FA607C43BB2166100830204ABC0898F732E2102C0ECF20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 47d6ba6087e400c34326e32c8c249d8e8d5198d55f69a44243fe919b03a7f107
                                                                                        • Instruction ID: a30bc522e9390931f7d590b91dafdbf4389b1e9848b19153707e40542870812a
                                                                                        • Opcode Fuzzy Hash: 47d6ba6087e400c34326e32c8c249d8e8d5198d55f69a44243fe919b03a7f107
                                                                                        • Instruction Fuzzy Hash: 2DC012341152088FC540BF70F5558EA331BAB8034C780882494040A539DF785D4DE6D9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dd6e8f3685e708a4d3cdc436eb46b83b1a722efcf57359992b750941bd2a7bba
                                                                                        • Instruction ID: a1e387d8a924e9829494d5b5de63dbbac625b068ac4da4c750e580bc07426d25
                                                                                        • Opcode Fuzzy Hash: dd6e8f3685e708a4d3cdc436eb46b83b1a722efcf57359992b750941bd2a7bba
                                                                                        • Instruction Fuzzy Hash: C1C0122200E1414EC603877CC8A51807B71AE462043D95582C480C5567D20869159B13
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 82faf68c67485c477913361f2e58deaeb2f7e6fd0b7153c5b8f514dd07c026dd
                                                                                        • Instruction ID: 1550d94369d9ec0d3e000fcbb01b316c85ddedd088d6e4978d95aa7f129920a1
                                                                                        • Opcode Fuzzy Hash: 82faf68c67485c477913361f2e58deaeb2f7e6fd0b7153c5b8f514dd07c026dd
                                                                                        • Instruction Fuzzy Hash: 4DC02B39101000AF4202E704C184CD9BEE3FF803507408C03A14505030C720C82CFB82
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.358895000.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_5510000_Host.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 87812e5c709d90ce4025b4d9e1e11496119da22ce9eeb1ad7f6aeab763ce8c7c
                                                                                        • Instruction ID: e2bcd5c711dc71915aadcd6c6ebea82baf2094ca27cd8b7f648d1d1e555d9301
                                                                                        • Opcode Fuzzy Hash: 87812e5c709d90ce4025b4d9e1e11496119da22ce9eeb1ad7f6aeab763ce8c7c
                                                                                        • Instruction Fuzzy Hash: 36B012B421431C426600F79DFA10CE933ED17D080CB800828940D0B7397E543C8E56D9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%